On 20/10/14 21:10, Nou Dadoun wrote: > Well I think I'm completely confused about this option now; "always when you > fall back" seems to suggest that falling back is an application level > operation (as opposed to openssl-implemented behaviour), is it? i.e. is the > onus on the client application to retry with a lower version if it wants to? > What then is the purpose of the option?
A ClientHello handshake message sent by the client will give the lowest and the highest SSL/TLS version supported. The server is expected to select the highest one of those that it also supports. Normally that's all you need to do and there is no need for the fall back option. However some buggy servers have been seen to be version intolerant, i.e. if the client sends a maximum supported version in the ClientHello higher than the one the server supports then the connection fails...even though the server does actually support a lower version that the client also supports. Frankly most applications don't need to worry about this. However some browsers have tried to work around the problem by sending a second ClientHello with a lower maximum supported version if they fail with the initial ClientHello. This is called fallback and is one of the issues that was exploited in POODLE. The simple answer in most cases is don't worry about it and don't do fallback unless you really have to. If you do then its entirely within the control of the client...openssl (client) does not do this automatically. If you decide to do it, then you should set SSL_MODE_SEND_FALLBACK_SCSV. > Maybe the following would clarify it - is there code in the new release of > openssl to recognize and act on this new option (other than simply sending > the option down the wire to be handled by application code)? OpenSSL on the server will appropriately respond when it sees a request with the option set. You do not need to do anything for this...it will handle it automatically. The application only needs to do anything if it is acting as a client and it wants to do fallback (as described above). > > Is there a simple example of a scenario where it would be used? > > > Is there documentation anywhere that describes how "fall back" is performed? Jeff Walton has provided some example code on the wiki: https://wiki.openssl.org/index.php/SSL_MODE_SEND_FALLBACK_SCSV Hope that helps Matt ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
