Hi,

The TLS-WG is discussing a method to prevent a fallback attack in TLS. [1]

"Sad as it is, in order to work on public Internet all browsers implement TLS fallback: in the event of a handshake failure they will retry the connection with a lesser SSL/TLS version."

The proposed solution is complex and requires protocol changes.

A different solution is to pin the TLS version to the host. Once the TLS version is pinned, any downgrade attack to a lower TLS version would fail. This feature could be optional or mandatory to be configured on the host.

Please discuss. Opinions welcome.

regards,
ralf

[1] http://www.ietf.org/mail-archive/web/tls/current/msg10676.html
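The pinning idea from the message above, sketched as a client-side check inside a browser-style fallback loop. This is an added example, not part of the original post or of any TLS-WG proposal; the pin store, the pin-on-first-successful-handshake policy, and every name in it are assumptions, and the two "peers" are constructed simulations rather than network code.

```python
from enum import IntEnum

class TLSVersion(IntEnum):
    SSL3_0 = 0x0300
    TLS1_0 = 0x0301
    TLS1_1 = 0x0302
    TLS1_2 = 0x0303

class DowngradeBlocked(Exception):
    """Raised when a fallback retry would go below the pinned version."""

class VersionPinStore:
    """Hypothetical per-host pin store; a pin can be raised, never lowered."""
    def __init__(self):
        self._pins = {}

    def pin(self, host, version):
        key = host.lower()
        if version > self._pins.get(key, 0):
            self._pins[key] = TLSVersion(version)

    def floor(self, host):
        return self._pins.get(host.lower())

def connect_with_fallback(host, pins, try_handshake):
    """Browser-style fallback loop. try_handshake(host, max_version) returns
    the negotiated TLSVersion, or None on handshake failure."""
    floor = pins.floor(host)
    for offered in sorted(TLSVersion, reverse=True):
        if floor is not None and offered < floor:
            raise DowngradeBlocked(f"{host}: pinned to {floor.name}, refusing {offered.name}")
        negotiated = try_handshake(host, offered)
        if negotiated is None:
            continue  # handshake failed: this is where a browser retries lower
        if floor is not None and negotiated < floor:
            raise DowngradeBlocked(f"{host}: pinned to {floor.name}, got {negotiated.name}")
        pins.pin(host, negotiated)  # assumption: pin on first successful handshake
        return negotiated
    raise ConnectionError(f"{host}: no protocol version succeeded")

# Constructed peers for the simulation (not real network code).
def honest_server(host, max_version):
    return min(max_version, TLSVersion.TLS1_2)  # server supports up to TLS 1.2

def interfered_path(host, max_version):
    # Handshake failures are induced for anything above TLS 1.0.
    return None if max_version > TLSVersion.TLS1_0 else honest_server(host, max_version)
```

With an empty store the interfered path still lands on TLS 1.0, so under this policy the pin only protects hosts that were reached cleanly at least once or whose pin is configured ahead of time.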
