> Well I think I'm completely confused about this option now; "always when
> you fall back" seems to suggest that falling back is an application level
> operation (as opposed to openssl-implemented behaviour), is it?   i.e. is the
> onus on the client application to retry with a lower version if it wants to?
> What then is the purpose of the option?

Yes it is completely a client application issued.

The purpose is for the client to tell the server "I tried TLS and that failed 
and now I'm using SSLv3" (or whatever versions it ends up using).

> Is there a simple example of a scenario where it would be used?
        SSL_new
        SLS_connect
        ...connection failed
        Ssl_new
        Set fallback flag
        Ssl_connect



______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org

Reply via email to