Since this is the users list (as opposed to the dev list) I’m a little confused 
about point 2 there; my understanding from the sketchy descriptions I’ve read 
is that the fallback to a lower version is automatically done by openssl on 
connect failure as opposed to something similar to the code snippet below being 
present in application code. (i.e. I’m not sure whether you intend the “client” 
in that description to be openssl library code or user application code which 
calls into the library).  Thanks … N

From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] 
On Behalf Of Jakob Bohm
Sent: October-17-14 7:59 AM
To: openssl-users@openssl.org
Subject: Please document the new SSL_MODE_SEND_FALLBACK_SCSV

The new SSL_MODE_SEND_FALLBACK_SCSV option is badly documented in
the wiki and man pages, which is going to cause a lot of problems
when people everywhere rush to incorporate the security fixes into
their code.

In particular, I find the following to be fully undocumented (except
by trying to read the code):

1. SSL_MODE_SEND_FALLBACK_SCSV was introduced in versions 1.0.1j,
  1.0.0o and 0.9.8zc, not way back when SSL_CTX_set_mode() itself
  was introduced.  The information at the bottom of that manpage
  needs to say that, like it already does for SSL_MODE_AUTO_RETRY.

2. [ THIS IS A GUESS ]
   SSL_MODE_SEND_FALLBACK_SCSV should only be set if the client
  contains code like the following:

  /* pseudo code */
  SSL_try_connect_(supporting versions x..y)
  if (failed) {
     SSL_try_connect_(supporting versions x..y-1)
     if (failed) {
        SSL_try_connect_(supporting versions x..y-2)
        ... (etc.)
     }
  }

  In which case that code needs to change to

  /* pseudo code */
  SSL_try_connect_(supporting versions x..y)
      /* No SSL_MODE_SEND_FALLBACK_SCSV when trying with highest
        attempted y */
  if (failed) {
     SSL_try_connect_(supporting versions x..y-1, SSL_MODE_SEND_FALLBACK_SCSV)
     if (failed) {
        SSL_try_connect_(supporting versions x..y-2, 
SSL_MODE_SEND_FALLBACK_SCSV)
        ... (etc.)
     }
  }

  (Note: The Internet draft says (in very technical terms) when an
  SSL client should send the message, not when an application should
  tell any given SSL library to do so, because that answer is expected
  to differ between OpenSSL, Mozilla NSS, Microsoft SCHANNEL,
  MatrixSSL and other SSL libraries).

3. Unlike the other SSL_MODE_ options, SSL_MODE_SEND_FALLBACK_SCSV
 is not about an internal API behavior.

4. Why this isn't SSL_OPTION_SEND_FALLBACK_SCSV (there is probably
 a good reason, but it isn't documented).



Enjoy



Jakob

--

Jakob Bohm, CIO, Partner, WiseMo A/S.  http://www.wisemo.com

Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10

This public discussion message is non-binding and may contain errors.

WiseMo - Remote Service Management for PCs, Phones and Embedded

Reply via email to