A few short (simple) questions about the use of TLS_FALLBACK_SCSV since we’re 
currently upgrading to the latest openssl releases.

We don’t establish sessions with any other products than our own clients and 

We’ve already disabled the use of SSLv3 in both our client and server releases 
going forward, is there any advantage in also using TLS_FALLBACK_SCSV – i.e. 
will there be any benefit in connecting to our already deployed clients and 

(I actually don’t think that we’re vulnerable to POODLE since we don’t use 
anything like encrypted cookies or repeated messages that could be used to 
exploit padding changes to “peel off” decoded chunks.  Is there any other 
mechanism to exploit this would make us vulnerable?)

Where in the session establishment is TLS_FALLBACK_SCSV used and how would  we 
incorporate it?

I think a lot of folks will probably have these or similar questions, is there 
a FAQ somewhere to address this?

Thanks in advance … N

Reply via email to