Since this is the users list (as opposed to the dev list) I’m a little confused about point 2 there; my understanding from the sketchy descriptions I’ve read is that the fallback to a lower version is automatically done by openssl on connect failure as opposed to something similar to the code snippet below being present in application code. (i.e. I’m not sure whether you intend the “client” in that description to be openssl library code or user application code which calls into the library). Thanks … N
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Jakob Bohm Sent: October-17-14 7:59 AM To: openssl-users@openssl.org Subject: Please document the new SSL_MODE_SEND_FALLBACK_SCSV The new SSL_MODE_SEND_FALLBACK_SCSV option is badly documented in the wiki and man pages, which is going to cause a lot of problems when people everywhere rush to incorporate the security fixes into their code. In particular, I find the following to be fully undocumented (except by trying to read the code): 1. SSL_MODE_SEND_FALLBACK_SCSV was introduced in versions 1.0.1j, 1.0.0o and 0.9.8zc, not way back when SSL_CTX_set_mode() itself was introduced. The information at the bottom of that manpage needs to say that, like it already does for SSL_MODE_AUTO_RETRY. 2. [ THIS IS A GUESS ] SSL_MODE_SEND_FALLBACK_SCSV should only be set if the client contains code like the following: /* pseudo code */ SSL_try_connect_(supporting versions x..y) if (failed) { SSL_try_connect_(supporting versions x..y-1) if (failed) { SSL_try_connect_(supporting versions x..y-2) ... (etc.) } } In which case that code needs to change to /* pseudo code */ SSL_try_connect_(supporting versions x..y) /* No SSL_MODE_SEND_FALLBACK_SCSV when trying with highest attempted y */ if (failed) { SSL_try_connect_(supporting versions x..y-1, SSL_MODE_SEND_FALLBACK_SCSV) if (failed) { SSL_try_connect_(supporting versions x..y-2, SSL_MODE_SEND_FALLBACK_SCSV) ... (etc.) } } (Note: The Internet draft says (in very technical terms) when an SSL client should send the message, not when an application should tell any given SSL library to do so, because that answer is expected to differ between OpenSSL, Mozilla NSS, Microsoft SCHANNEL, MatrixSSL and other SSL libraries). 3. Unlike the other SSL_MODE_ options, SSL_MODE_SEND_FALLBACK_SCSV is not about an internal API behavior. 4. Why this isn't SSL_OPTION_SEND_FALLBACK_SCSV (there is probably a good reason, but it isn't documented). Enjoy Jakob -- Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10 This public discussion message is non-binding and may contain errors. WiseMo - Remote Service Management for PCs, Phones and Embedded