> Here is the blogpost of the HTTPS breakdown:
> http://www.moserware.com/2009/06/first-few-milliseconds-of-https.html
> From what I understand, the Client hello is the first part of the ssl
> handshake that is not encrypted/HMAC’d

No. Re-read the "prepare to be encrypted" section again. All handshake messages are covered by a MAC. If an adversary strips out the SCSV then the MACs will not match.

/r$

--
Principal Security Engineer, Akamai Technologies
IM: rs...@jabber.me Twitter: RichSalz
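
The check described in the reply above, as an added example that is not part of the original thread: the client's Finished value is computed over every handshake message, so a ClientHello altered in transit gives the server a different transcript and the Finished comparison fails. It assumes the TLS 1.2 PRF with SHA-256 (RFC 5246); the ClientHello encoding is simplified to the cipher suite list, and the master secret, the `REST` bytes and all function names are constructed for illustration.

```python
import hashlib
import hmac

TLS_FALLBACK_SCSV = 0x5600  # signalling cipher suite value (RFC 7507)
MASTER_SECRET = bytes(range(48))  # constructed 48-byte master secret
REST = b"<ServerHello..ClientKeyExchange>"  # constructed stand-in for later messages


def p_sha256(secret, seed, length):
    """TLS 1.2 P_hash with HMAC-SHA256 (RFC 5246, section 5)."""
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]


def client_hello(suites):
    """Simplified ClientHello: handshake header plus cipher_suites vector only."""
    vec = b"".join(s.to_bytes(2, "big") for s in suites)
    body = len(vec).to_bytes(2, "big") + vec
    return b"\x01" + len(body).to_bytes(3, "big") + body


def verify_data(master_secret, transcript):
    """verify_data = PRF(master_secret, "client finished", Hash(messages))[0..11]."""
    seed = b"client finished" + hashlib.sha256(transcript).digest()
    return p_sha256(master_secret, seed, 12)


def server_accepts_finished(sent, received):
    """Client hashes what it sent; server hashes what it actually received."""
    client_fin = verify_data(MASTER_SECRET, client_hello(sent) + REST)
    expected = verify_data(MASTER_SECRET, client_hello(received) + REST)
    return hmac.compare_digest(client_fin, expected)


if __name__ == "__main__":
    offered = [0xC02F, 0x009C, TLS_FALLBACK_SCSV]
    stripped = [s for s in offered if s != TLS_FALLBACK_SCSV]
    print("untouched ClientHello accepted:", server_accepts_finished(offered, offered))
    print("SCSV stripped in transit accepted:", server_accepts_finished(offered, stripped))
```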