Thank you, Bodo. This is a crucial point that was not clear to me when I was investigating the use of TLS_FALLBACK_SCSV the first time.
If my application uses SSLv23_method() when constructing the SSL context, and then explicitly disables SSLv2 and SSLv3 using SSL_CTX_set_options(), then OpenSSL will do "automatic protocol negotiation" and I don't need to also use TLS_FALLBACK_SCSV. Did I get it this time?

Geoff

>________________________________
> From: Bodo Moeller <bmoel...@acm.org>
>To: "openssl-users@openssl.org" <openssl-users@openssl.org>
>Sent: Friday, October 17, 2014 4:03 AM
>Subject: Re: Use of TLS_FALLBACK_SCSV
>
>Salz, Rich <rs...@akamai.com>:
>
>Disabling ssl3 is a good thing. But set the fallback because silently
>dropping from tls 1.2 to tls 1.1 is bad.
>
>All this assumes that your client application *does* explicitly fall back from
>TLS 1.2 to TLS 1.1, instead of just relying on automatic protocol version
>negotiation. If you never do that (and I suspect you don't), your client has
>no need for TLS_FALLBACK_SCSV. Do NOT set this, except for fallback
>connections that downgrade the protocol version.
>
>Bodo
>
______________________________________________________________________
OpenSSL Project                                     http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org