Thanks Florian, Jakob, Matt and everyone else. You guys are fascinating. Its a rocking community. Thanks again for your excellent support and taking pain to answer my repeated questions.
On Mon, Oct 27, 2014 at 1:04 AM, Florian Weimer <f...@deneb.enyo.de> wrote: > * Aditya Kumar: > > > Suppose, the Server is patched with the FALLBACK flag and its protocol is > > set to TLSV1/SSLV23(with TLSV1 as the highest protocol) and then client > > tries to connect to Server in TLSV1 and sets FALLBACK flag before > > initiating communication with Server. Will the client be able to connect > to > > Server? Will Server accept this connection? > > With the current TLS_FALLBACK_SCSV draft, the connection will succeed. > > > From my understanding, when Server will see the request with FALLBACK > flag > > and Server's highest protocol is TLSV1, it will not really consider the > > client's request as fallback and will allow the connection. > > Correct. > > > This will work only because Server's highest protocol is TLSV1. But > > if in future, if the Server is upgraded to support TLS1.1 or TLS1.2, > > then the same connection from client will fail. > > Correct as well. That's why I called TLS_FALLBACK_SCSV a time bomb if > used outside of a fallback scenario: A lot of developers seem to > assume that they have to change their application to set the flag > SSL_MODE_SEND_FALLBACK_SCSV, when in fact they had to do nothing. The > fact that SSL 3.0 had already been “fixed” in 1999 (or whenever > OpenSSL introduced support for it), through the upgrade to TLS 1.0[*], > was not communicated properly. > > [*] Some caveats apply. You should at least use TLS 1.1. > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager majord...@openssl.org >
