> Well I think I'm completely confused about this option now; "always when
> you fall back" seems to suggest that falling back is an application level
> operation (as opposed to openssl-implemented behaviour), is it? i.e. is the
> onus on the client application to retry with a lower version if it wants to?
> What then is the purpose of the option?
Yes it is completely a client application issue. The purpose is for the client to tell the server "I tried TLS and that failed and now I'm using SSLv3" (or whatever versions it ends up using).

> Is there a simple example of a scenario where it would be used?

    SSL_new
    SSL_connect
    ...connection failed
    SSL_new
    Set fallback flag
    SSL_connect
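The retry sequence above, modelled end to end as an added example (not part of the original message and not OpenSSL code): the client application lowers the version after a failed connect and adds the TLS_FALLBACK_SCSV signalling suite from RFC 7507, and a server that supports something higher answers with the inappropriate_fallback alert. Function names, the sample cipher suites and the `dropped` parameter are constructed for illustration; in OpenSSL itself the flag is set on the new SSL object with `SSL_set_mode(ssl, SSL_MODE_SEND_FALLBACK_SCSV)`.

```c
/* Added example: model of the RFC 7507 fallback signal. No OpenSSL calls;
 * function names and sample values are constructed for illustration. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TLS_FALLBACK_SCSV 0x5600          /* signalling cipher suite value */
#define ALERT_INAPPROPRIATE_FALLBACK 86
enum { V_SSL3 = 0x0300, V_TLS1_0 = 0x0301, V_TLS1_2 = 0x0303 };

/* Server side: 0 to continue the handshake, otherwise the alert to send.
 * The SCSV means "I already failed with a higher version"; if the server
 * itself supports a higher version, that earlier failure is suspicious. */
int server_check_hello(uint16_t server_max, uint16_t client_version,
                       const uint16_t *suites, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (suites[i] == TLS_FALLBACK_SCSV && client_version < server_max)
            return ALERT_INAPPROPRIATE_FALLBACK;
    return 0;
}

/* Client application retry loop (the SSL_new / SSL_connect sequence).
 * dropped: how many initial attempts fail in transit (constructed input).
 * use_flag: whether the application sets the fallback flag on retries.
 * Returns the negotiated version, -alert if refused, -1 if nothing worked. */
int client_connect(uint16_t server_max, int dropped, int use_flag)
{
    static const uint16_t versions[] = { V_TLS1_2, V_TLS1_0, V_SSL3 };
    for (int i = 0; i < 3; i++) {
        uint16_t suites[3] = { 0xC02F, 0x002F, 0 };   /* sample suites */
        size_t n = 2;
        if (i > 0 && use_flag)            /* only on a retry, never first try */
            suites[n++] = TLS_FALLBACK_SCSV;
        if (i < dropped)
            continue;                     /* ...connection failed */
        int alert = server_check_hello(server_max, versions[i], suites, n);
        if (alert)
            return -alert;
        return versions[i] < server_max ? versions[i] : server_max;
    }
    return -1;
}

int main(void)
{
    printf("no flag:   0x%04x\n", (unsigned)client_connect(V_TLS1_2, 2, 0));
    printf("with flag: %d\n", client_connect(V_TLS1_2, 2, 1));
    return 0;
}
```

Without the flag, two failed attempts leave the client on SSLv3 against a TLS 1.2 server and neither side notices; with it, the server refuses the handshake, while a server whose highest version really is SSLv3 still accepts the retry.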