Context options and SSL_MODE_SEND_FALLBACK_SCSV

Jeffrey Walton Wed, 15 Oct 2014 14:55:37 -0700

I have a question on the intersection of Patch to mitigate
CVE-2014-3566 ("POODLE") [0] and context options.


If the context options are set to remove SSLv3:

    SSL_CTX* ctx = ...
    long flags = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_COMPRESSION;
    SSL_CTX_set_options(ctx, flags);

Then is the following needed from [0]:

    SSL_set_mode(ssl, SSL_MODE_SEND_FALLBACK_SCSV)

I suspect not, but I want to make sure I'm not missing something
obvious (or getting myself into a bad state).

[0] 
https://groups.google.com/d/msg/mailing.openssl.users/qq4Jc9SffAs/fYMLO8aF9cgJ
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org

Context options and SSL_MODE_SEND_FALLBACK_SCSV

Reply via email to