> > SSL_set_mode(ssl, SSL_MODE_SEND_FALLBACK_SCSV) > > You might care about fallback from TLS 1.2 (which has PFS) to TLS 1.1 (which > doesn't). > > I recommend that you always set that flag.
Two clarifications: TLS 1.2 (with AEAD) to TLS 1.1 (doesn't). Or TLS 1.1 (PFS) to TLS 1.0. And by always, I meant always set it whenever you fall back. Not always every single time. :) -- Principal Security Engineer, Akamai Technologies IM: rs...@jabber.me Twitter: RichSalz
