On Fri, Jan 16, 2015 at 12:03 PM, Hanno Böck <hanno(_at_)hboeck(_dot_)de> wrote:
Recently Mozilla has disabled the now so-called protocol dance, which
makes adding another workaround (SCSV) pretty much obsolete:
Until they add TLS 1.3 support, when they'll need it again.
(By the way: Has anyone thought what happens when people implement TLS
hardware that is version intolerant to versions > 1.2 and at the same
time send SCSV in the handshake? I'm pretty sure that at some point
some hardware will appear that does exactly that. Will we need another
SCSV standard for every TLS version then?)
The draft specifies that servers should compare the ClientHello
version to the version that they implement. If a client tries TLS 1.3,
fails because of intolerance then tries TLS 1.2 + FALLBACK_SCSV, the
server will accept the connection because the ClientHello version is
= its maximum version.
Cheers
AGL