How does the newly introduced [1] support for the Downgrade SCSV stop an attacker from removing the SCSV from an outgoing ClientHello? Am I missing something, or is there no hash to ensure that the ClientHello received by the server has not been tampered with?
[1] https://tools.ietf.org/html/draft-bmoeller-tls-downgrade-scsv-02