On Fri, Jan 16, 2015 at 12:03 PM, Hanno Böck <hanno@xxxxxxxxx> wrote:
> Recently Mozilla has disabled the now so-called protocol dance, which
> makes adding another workaround (SCSV) pretty much obsolete:

Until they add TLS 1.3 support, when they'll need it again.

> (By the way: Has anyone thought what happens when people implement TLS
> hardware that is version intolerant to versions > 1.2 and at the same
> time send SCSV in the handshake? I'm pretty sure that at some point
> some hardware will appear that does exactly that. Will we need another
> SCSV standard for every TLS version then?)

The draft specifies that servers should compare the ClientHello version to the version that they implement. If a client tries TLS 1.3, fails because of intolerance then tries TLS 1.2 + FALLBACK_SCSV, the server will accept the connection because the ClientHello version is >= its maximum version.

Cheers

AGL
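The server-side rule AGL describes is easier to reason about as code. The following is an added illustration, not code from this thread or from any TLS implementation. It models the RFC 7507 server check (abort with inappropriate_fallback only when the SCSV is present and the ClientHello version is below the highest version the server implements) and then walks a client through the "protocol dance" against two kinds of server: the version-intolerant TLS 1.2 hardware from Hanno's question, and a TLS 1.3-capable server behind an on-path attacker who drops the TLS 1.3 attempt. Version tuples, the 0x009C placeholder cipher suite and the (3, 4) value for TLS 1.3 are assumptions for the model (TLS 1.3 was still a draft when this was written); 0x5600 is the SCSV code point from RFC 7507.

```python
"""Model of the TLS_FALLBACK_SCSV server rule (RFC 7507) and the client
fallback dance. Added example, not code from the thread or any TLS stack."""
from typing import List, Optional, Tuple

Version = Tuple[int, int]

TLS_FALLBACK_SCSV = 0x5600           # cipher-suite value defined in RFC 7507
TLS_1_0: Version = (3, 1)
TLS_1_1: Version = (3, 2)
TLS_1_2: Version = (3, 3)
TLS_1_3: Version = (3, 4)            # assumed: draft-era TLS 1.3 version number


def server_fallback_check(client_hello_version: Version,
                          cipher_suites: List[int],
                          server_max_version: Version) -> Optional[str]:
    """RFC 7507 server behaviour: if the client signals a fallback via the
    SCSV and its ClientHello version is lower than the highest version this
    server implements, abort with inappropriate_fallback. Otherwise return
    None and let normal version negotiation continue."""
    if TLS_FALLBACK_SCSV not in cipher_suites:
        return None
    if client_hello_version < server_max_version:
        return "inappropriate_fallback"
    return None


def _previous(version: Version) -> Version:
    """Step down one minor version (3,4) -> (3,3) -> (3,2) -> (3,1)."""
    return (version[0], version[1] - 1)


def simulate_fallback_dance(client_max: Version,
                            server_max: Version,
                            dropped_above: Optional[Version] = None):
    """Run a client that retries with lower versions after a failed attempt.

    dropped_above: ClientHellos with a version above this value get no
    response, whether because the server hardware is version-intolerant
    (Hanno's scenario) or because an on-path attacker blocks them. The
    client cannot tell these apart, so it reacts the same way to both:
    retry with the next-lower version and the SCSV set.

    Returns ("ok", negotiated_version) or ("alert", alert_name)."""
    attempt = client_max
    fallback = False
    while attempt >= TLS_1_0:
        suites = [0x009C]            # constructed: stands in for the real suite list
        if fallback:
            suites.append(TLS_FALLBACK_SCSV)
        if dropped_above is not None and attempt > dropped_above:
            # No ServerHello ever arrives; the client steps down and retries.
            attempt = _previous(attempt)
            fallback = True
            continue
        alert = server_fallback_check(attempt, suites, server_max)
        if alert:
            return ("alert", alert)
        # Ordinary negotiation: the lower of the two maxima wins.
        return ("ok", min(attempt, server_max))
    return ("alert", "protocol_version")


if __name__ == "__main__":
    # Hanno's case: TLS 1.2 hardware that ignores a TLS 1.3 ClientHello.
    # The fallback to 1.2 + SCSV is accepted because 1.2 >= the server's max.
    print(simulate_fallback_dance(TLS_1_3, TLS_1_2, dropped_above=TLS_1_2))
    # Same client, but the server really supports 1.3 and something on the
    # path dropped the 1.3 attempt: the SCSV now triggers the alert.
    print(simulate_fallback_dance(TLS_1_3, TLS_1_3, dropped_above=TLS_1_2))
```

The two calls at the bottom show why the SCSV needs no per-version successor: the server never has to know which version the client originally tried, only whether the version it is being offered is below its own ceiling. A version-intolerant server has, by definition, a ceiling at or below the retried version, so the check passes there and fails only where an intermediary has pushed a capable peer below its real maximum.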