Martin Rex wrote:
Rubber-Stamping the fallback-scsv hack onto the standards track is IMHO a very bad idea.
I apologize if this has been discussed before (I have about 1400 unread TLS mailing list messages in my queue), but it seems that a simpler SCSV or extension could just ask the server to echo its highest supported version:

    ClientHello w/SCSV   ----->
                         <-----   ServerHello w/version extension

Servers wouldn't have to change any logic or close the connection, the client would make that call.

Mike
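
The exchange sketched in the message above, modelled as an added example that is not part of the original message or of any TLS draft. The echo extension, the function names and the version tuples are assumptions made for illustration; the model shows the client comparing the echoed version with its own maximum and refusing a fallback when both sides could have negotiated higher.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

Version = Tuple[int, int]  # (major, minor) as carried on the wire
SSL30, TLS10, TLS11, TLS12 = (3, 0), (3, 1), (3, 2), (3, 3)

@dataclass
class ClientHello:
    version: Version   # highest version offered in this attempt
    echo_scsv: bool    # hypothetical signal: "echo your highest version"

@dataclass
class ServerHello:
    version: Version                      # version the server selected
    echoed_max: Optional[Version] = None  # hypothetical version extension

def server_respond(server_max, hello, understands_signal=True):
    """Negotiate as usual; the only addition is the echoed maximum."""
    selected = min(server_max, hello.version)
    echo = server_max if (hello.echo_scsv and understands_signal) else None
    return ServerHello(selected, echo)

def client_accepts(client_max, reply):
    """The client makes the call: reject if both sides could do better."""
    if reply.echoed_max is None:
        return True  # server ignored the signal, nothing to compare against
    return reply.version >= min(client_max, reply.echoed_max)

def fallback_attempt(client_max, server_max, offered, understands_signal=True):
    """One retry at `offered` (below client_max) that carries the signal."""
    hello = ClientHello(offered, echo_scsv=True)
    reply = server_respond(server_max, hello, understands_signal)
    return "accept" if client_accepts(client_max, reply) else "abort"

if __name__ == "__main__":
    # Constructed scenarios: (client max, server max, version offered on retry)
    cases = {
        "forced downgrade": (TLS12, TLS12, TLS10),
        "genuinely old server": (TLS12, TLS10, TLS10),
        "fell back too far": (TLS12, TLS11, TLS10),
    }
    for name, args in cases.items():
        print(f"{name}: {fallback_attempt(*args)}")
    print("legacy server:", fallback_attempt(TLS12, TLS12, TLS10, False))
```

A server that does not recognise the signal returns no echo, so the client in this model has nothing to compare and the fallback goes through undetected.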