Thanks Florian Weimer for a prompt response. I have some follow up questions.
We use the following options to set SSL Context using the following API with the below options. SSL_CTX_set_mode(ctx,SSL_MODE_ENABLE_PARTIAL_WRITE | SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER | SSL_MODE_AUTO_RETRY); So when SSLv23 is set as the protocol at both client and server, Does client automatically fall back and try with SSLV3 protocol if the connection with TLSv1 fails. Does Protocol downgrade dance means the client retry again to connect with Serverusing a explicit calls or does it automatically happen when both client and Server supports the protocols like SSLv23 at both the sides. Just want to get some clarity here. if we have SSLv23 at both and Server, Will the protocol used for communication will always be TLSv1 (the highest protocol at both client and Server) though the client always try to send SSLv2 client_hello message to the Server. Please bear with me if I am asking some trivial questions here.. Your help really make me understand this better. Regards, -Jaya. On Sat, Oct 25, 2014 at 10:35 PM, Florian Weimer <f...@deneb.enyo.de> wrote: > * Jaya Nageswar: > > > We have a library which is built on top of openssl 0.9.8 (now > incorporated > > the openssl 0.9.8zc related changes for TLS_FALLBACK_SCSV) for handling > > cryptographic and SSL functionality. By default the SSL protocol is set > to > > SSLv23 at both client and Server.That means The client and Server can > > support SSLv2, SSLv3 and TLSv1 protcols. However an explicit protocl > > (SSLv2/SSLv3/TLSV1) can also be set at both client and Server. > > Do you automatically disable TLSv1 in case of a connection error (this > is sometimes called the “downgrade dance”)? > > If not, your library simply cannot use TLS_FALLBACK_SCSV, and it does > not have to. > > > As per my understanding We can overcome the POODLe vulnerability by > > disabling SSLv3 protocol or setting the TLSv1 as the default protocol at > > client and Server. > > It is already the default (over SSLv3) because it is the more recent > protocol version. > > > 2. In general, if we have SSLv23 protocol at both client and Server, How > > does the protcol negotiation happens? I have been reading that the client > > sends a client_hello message along with the other protocols supported and > > the cipher suites. The Server then sends its supported protocols/cipher > > suites and selects the highest protocol supported by client and Server in > > the order. Is my understanding correct? > > Correct. If both ends support something newer than SSL 3.0, then the > connection will use that. This version negotiation is > cryptographically protected, so if an attacker attempts to interfere > with that, the connection will fail (and not silently revert to > SSL 3.0). > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager majord...@openssl.org >
