I have rebased the TLS_FALLBACK_SCSV implementation I submitted in October 2014 to the current jdk9-dev tree:
<http://cr.openjdk.java.net/~fweimer/8061798/webrev.00/>

The test uses an expired X.509 certificate (which was already part of the test suite), but this is harmless.

TLS_FALLBACK_SCSV is a bit of a wart, but it seems necessary for feature parity with other TLS server implementations.

--
Florian Weimer / Red Hat Product Security