On 15/10/18 18:54, Viktor Dukhovni wrote:
>> On Oct 15, 2018, at 9:19 AM, Matt Caswell <m...@openssl.org> wrote:
>>> Early, partial reports of the cause seem to indicate that the sending
>>> side was using OpenSSL with:
>>> SSL_CTX_set_mode(ctx, SSL_MODE_SEND_FALLBACK_SCSV);
>>> seemingly despite no prior handshake failure,
>> Are you sure about the "no prior handshake failure" bit? If they were
>> using pre6 or below then if they attempt TLSv1.3 first it will fail
>> (incorrectly - it should negotiation TLSv1.2 see issue 7315). The
>> fallback to TLSv1.2 with SSL_MODE_SEND_FALLBACK_SCSV set would then be
> No, not sure at all, but that's what the receiving system administrator
> tells me the sending system administrator told him. Perhaps they failed
> to understand the docs, and always set the fallback bit. MTAs tend to
> not do complex fallback, just send in the clear if opportunistic TLS
> fails, or try later and hope things work out better then.
> I've not yet received further corroboration. What do you make of the
> idea of making it possible for servers to accept downgrades (to some
> floor protocol version or all supported versions)?
I'm really not keen on that idea at all.
openssl-project mailing list