On Mon, Nov 10, 2014 at 09:28:17AM +0100, Lars Heide wrote:

> > Was there a prior connection shortly before that where the handshake
> > failed for some other reason?
>
> No, there is no prior connection according to our logs, which is
> strange, now that you mention it.

A possible cause is that the initial connection failed to complete,
and that's why the fallback might have taken place.  Was the problem
consistent or a "one-off"?

> >> They use Kerio Connect 8.4.0 RC 1. According to Wikipedia (couldn't find
> >> any version information on their website):
> >>
> >> 8.3.4 OpenSSL library upgraded to version 1.0.1j to prevent MITM
> >> protocol downgrade to insecure SSL 3.0 protocol
> >
> > Perhaps 1.0.1j sometimes sends SCSV when it should not, I'll look
> > into it when I get a chance.

I may yet look into this later, but it should be very difficult
for that kind of bug to happen, the SCSV is supposed to be turned
on under application control, OpenSSL cannot unilaterally determine
that some prior connection failed and downgraded settings are in
use as a result.  Since this should not ever be turned on autonomously
by the library, it should never happen "by accident".

-- 
        Viktor.
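The server-side half of the fallback signalling discussed in this thread, as an added example (not code from the thread participants, Postfix or OpenSSL): RFC 7507 has the server reject a ClientHello that carries TLS_FALLBACK_SCSV (0x5600) yet offers a version below the highest one the server supports, answering with the fatal inappropriate_fallback alert (code 86). The ClientHello bodies are constructed inline for the demonstration; a real server reads them off the wire.

```python
import struct

TLS_FALLBACK_SCSV = 0x5600          # RFC 7507 signalling cipher suite value
ALERT_INAPPROPRIATE_FALLBACK = 86   # RFC 7507 fatal alert code
SSL3, TLS10, TLS11, TLS12 = 0x0300, 0x0301, 0x0302, 0x0303


def parse_client_hello(body: bytes):
    """Return (client_version, [cipher suites]) from a ClientHello handshake
    body (record and handshake headers already stripped)."""
    version = struct.unpack(">H", body[:2])[0]
    pos = 2 + 32                                  # skip the 32-byte random
    pos += 1 + body[pos]                          # skip session_id
    cs_len = struct.unpack(">H", body[pos:pos + 2])[0]
    pos += 2
    suites = [struct.unpack(">H", body[i:i + 2])[0]
              for i in range(pos, pos + cs_len, 2)]
    return version, suites


def check_fallback(body: bytes, server_max_version: int):
    """RFC 7507 section 3 server check: SCSV means 'this is a downgrade
    retry'; if the offered version is below our maximum, the downgrade
    was unnecessary (or forced by an attacker) and must be refused."""
    version, suites = parse_client_hello(body)
    if TLS_FALLBACK_SCSV in suites and version < server_max_version:
        return ALERT_INAPPROPRIATE_FALLBACK
    return None                                   # proceed with handshake


def build_client_hello(version: int, suites, scsv: bool) -> bytes:
    """Constructed sample ClientHello body (no extensions) for the demo."""
    if scsv:
        suites = list(suites) + [TLS_FALLBACK_SCSV]
    cs = b"".join(struct.pack(">H", s) for s in suites)
    return (struct.pack(">H", version) + b"\x00" * 32    # random
            + b"\x00"                                     # empty session_id
            + struct.pack(">H", len(cs)) + cs
            + b"\x01\x00")                                # null compression


if __name__ == "__main__":
    aes = [0x002F, 0x0035]   # TLS_RSA_WITH_AES_128/256_CBC_SHA
    # First attempt at TLS 1.2 without SCSV: nothing to flag.
    print(check_fallback(build_client_hello(TLS12, aes, False), TLS12))
    # Retry at SSL 3.0 carrying SCSV against a TLS 1.2 server: refused.
    print(check_fallback(build_client_hello(SSL3, aes, True), TLS12))
    # SCSV sent at the server's top version: harmless, handshake proceeds.
    print(check_fallback(build_client_hello(TLS12, aes, True), TLS12))
```

This is why an SCSV that a client library set on its own would be a bug: a server supporting a higher version than the (downgraded) hello offers is required to drop the connection.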
