POODLE and TLS_FALLBACK_SCSV deep dive

We’ve been seeing a lot of requests to implement TLS_FALLBACK_SCSV. Unfortunately, it only works if you already have clients that understand it. This article will give some background, discuss TLS do...
Published Oct 22, 2014
Version 1.0
security
amolari's avatar
amolari
Icon for Cirrostratus rankCirrostratus
Dec 09, 2014
Unfortunately, something is poorly documented. There is nothing to find about TLS_FALLBACK_SCSV in AskF5, except in the v11.5.1 HF6 RN: 485188 When the SSL ClientHello contains the SCSV marker, if the client protocol offered is not the latest that the virtual server supports, a fatal alert will be sent.