Thank you, Bodo.

This is a crucial point that was not clear to me when I was investigating the 
use of TLS_FALLBACK_SCSV the first time.

If my application uses SSLv23_method() when constructing the SSL context, and 
then explicitly disables SSLv2 and SSLv3 using SSL_CTX_set_options(), then 
OpenSSL will do "automatic protocols negotiation" and I don't need to also use 

Did I get it this time?


> From: Bodo Moeller <>
> To: "" <>
> Sent: Friday, October 17, 2014 4:03 AM
> Subject: Re: Use of TLS_FALLBACK_SCSV
>
> Salz, Rich <>:
>> Disabling ssl3 is a good thing.  But set the fallback because silently
>> dropping from tls 1.2 to tls 1.1 is bad.
>
> All this assumes that your client application *does* explicitly fall back from
> TLS 1.2 to TLS 1.1, instead of just relying on automatic protocol version
> negotiation. If you never do that (and I suspect you don't), your client has
> no need for TLS_FALLBACK_SCSV. Do NOT set this, except for fallback
> connections that downgrade the protocol version.
OpenSSL Project                       
User Support Mailing List          
Automated List Manager                 
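To make the distinction in Bodo's answer concrete, here is a small model of the RFC 7507 semantics that OpenSSL's SSL_MODE_SEND_FALLBACK_SCSV feeds into. This is an added illustration, not OpenSSL code or code from the thread; the cipher-suite list and the client/server helper functions are constructed for the example, while 0x5600 and the version numbers are the real protocol values.

```python
"""Model of TLS_FALLBACK_SCSV (RFC 7507) as seen by the server.

Constructed example: no OpenSSL calls. Version values are the TLS
protocol version numbers; 0x5600 is the real TLS_FALLBACK_SCSV value.
"""

TLS_FALLBACK_SCSV = 0x5600
TLS1_0, TLS1_1, TLS1_2 = 0x0301, 0x0302, 0x0303

# Constructed cipher suites offered by the hypothetical client.
NORMAL_SUITES = [0xC02F, 0xC030, 0x009C]


def client_hello(max_version, *, explicit_fallback):
    """Build the ClientHello fields that matter here.

    explicit_fallback plays the role of SSL_MODE_SEND_FALLBACK_SCSV: it is
    True only on a retry the application itself made with a lowered version,
    never on a first connection that relies on automatic negotiation.
    """
    suites = list(NORMAL_SUITES)
    if explicit_fallback:
        suites.append(TLS_FALLBACK_SCSV)
    return {"client_version": max_version, "cipher_suites": suites}


def server_accepts(hello, server_max_version, server_min_version=TLS1_0):
    """Server-side rule from RFC 7507 section 3; returns (accepted, reason).

    The SCSV matters only when the client's highest offered version is
    lower than what the server could have negotiated.
    """
    cv = hello["client_version"]
    if cv < server_min_version:
        return False, "protocol_version"
    if TLS_FALLBACK_SCSV in hello["cipher_suites"] and cv < server_max_version:
        # The client says this is a retry at a lower version, yet the server
        # supports a higher one: some middlebox or fault caused the downgrade.
        return False, "inappropriate_fallback"
    return True, "negotiated %#06x" % min(cv, server_max_version)


def outcome(client_max, explicit_fallback, server_max):
    hello = client_hello(client_max, explicit_fallback=explicit_fallback)
    return server_accepts(hello, server_max)


if __name__ == "__main__":
    print(outcome(TLS1_2, False, TLS1_2))  # automatic negotiation, no SCSV
    print(outcome(TLS1_1, True, TLS1_2))   # explicit fallback caught by server
    print(outcome(TLS1_1, True, TLS1_1))   # fallback to a 1.1-only server is fine
```

A client that uses SSLv23_method() with SSLv2/SSLv3 disabled and never retries at a lower version is the first case: the SCSV is never sent, so there is nothing for the server to reject.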