I have implemented TLS_FALLBACK_SCSV for OpenJDK 9:

  <https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00>

The justification is that there might be web browsers (with the broken fallback behavior) which directly connect to HTTPS servers implemented in Java.

Code review is here:

  <https://fweimer.fedorapeople.org/openjdk/tls-fallback-scsv/>

Can I get a bug ID? Then I will include it in a follow-up patch, together with a test case.

The client-side part is mainly there to support testing the server-side part; it really should not be used. I do not plan to include it in the backports because of the public API change.

I have not added a configuration knob to the server-side code because the risk of it going wrong is extremely low (basically, a client would have to use the 0x5600 cipher suite value for something else entirely).

There is still an ongoing discussion in the IETF TLS WG whether this is a good idea. I think it is not, others disagree. I wanted to post this CR nevertheless to avoid duplicating work.

--
Florian Weimer / Red Hat Product Security
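
The server-side check discussed in the message above, as an added example that is not part of the original post and not the code under review: it scans the ClientHello cipher suite list for the 0x5600 value and rejects the handshake when the offered version is below the server's highest supported version. The class, method and helper names are hypothetical, the input is assumed to be a ClientHello body starting at client_version, and the sample hellos are constructed.

```java
import java.nio.BufferUnderflowException;
import java.nio.ByteBuffer;

public class FallbackScsvCheck {                          // hypothetical name
    static final int TLS_FALLBACK_SCSV = 0x5600;          // signalling cipher suite value
    static final int ALERT_INAPPROPRIATE_FALLBACK = 86;   // alert number as published in RFC 7507

    /** True if the hello carries the SCSV and offers less than the server's best version. */
    static boolean isInappropriateFallback(byte[] helloBody, int serverMaxVersion) {
        try {
            ByteBuffer b = ByteBuffer.wrap(helloBody);    // big-endian by default
            int clientVersion = b.getShort() & 0xFFFF;    // e.g. 0x0301 = TLS 1.0
            b.position(b.position() + 32);                // skip random
            int sidLen = b.get() & 0xFF;
            b.position(b.position() + sidLen);            // skip session_id
            int suitesLen = b.getShort() & 0xFFFF;
            if (suitesLen % 2 != 0 || suitesLen > b.remaining()) {
                throw new IllegalArgumentException("bad cipher_suites length");
            }
            boolean scsvSeen = false;
            for (int i = 0; i < suitesLen; i += 2) {
                if ((b.getShort() & 0xFFFF) == TLS_FALLBACK_SCSV) scsvSeen = true;
            }
            // A client that did not fall back offers the server's best version or
            // higher, so the SCSV is harmless there; only a lower version is rejected.
            return scsvSeen && clientVersion < serverMaxVersion;
        } catch (BufferUnderflowException | IllegalArgumentException e) {
            throw new IllegalArgumentException("malformed ClientHello", e);
        }
    }

    /** Builds a constructed ClientHello body: zero random, empty session_id. */
    static byte[] hello(int version, int... suites) {
        ByteBuffer b = ByteBuffer.allocate(2 + 32 + 1 + 2 + 2 * suites.length);
        b.putShort((short) version);
        b.position(b.position() + 32);
        b.put((byte) 0);
        b.putShort((short) (2 * suites.length));
        for (int s : suites) b.putShort((short) s);
        return b.array();
    }

    public static void main(String[] args) {
        int serverMax = 0x0303;                           // server supports up to TLS 1.2
        byte[][] samples = { hello(0x0301, 0x002F, 0x5600),   // fallback retry at TLS 1.0
                             hello(0x0301, 0x002F),           // genuine TLS 1.0 client
                             hello(0x0303, 0x002F, 0x5600) }; // SCSV at the server's best version
        for (byte[] h : samples) {
            System.out.println(isInappropriateFallback(h, serverMax)
                ? "reject: fatal alert " + ALERT_INAPPROPRIATE_FALLBACK : "continue handshake");
        }
    }
}
```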
