RFC: 8061798: Add support for TLS_FALLBACK_SCSV (RFC 7507)
fweimer at redhat.com
Wed May 6 13:42:59 UTC 2015
On 05/06/2015 01:42 AM, Xuelei Fan wrote:
> As additional APIs are strongly desired, what do you think to make the
> API more general and easy to use? For example, using the name:
> SSLParameters.setUseFallbackMode(boolean isFallback)
> boolean SSLParameters.getuseFallbackMode()
> We can implement more for this parameters if need to take care of
> additional more problems during fallback negotiation. Instinctively,
> developers and code reviewers would not call this APIs unless this is a
> real fallback negotiation, I think.
Sounds reasonable. I have add an @implNote mentioning that the default
provider sends TLS_FALLBACK_SCSV.
There are now additional tests which explicitly verify the cipher suite
list sent by the client.
Florian Weimer / Red Hat Product Security
More information about the security-dev