
Add support for TLS_FALLBACK_SCSV (RFC7507)

Alessandro Ghedini requested to merge ghedo/gnutls:tls_fallback_scsv into master

This implements the TLS_FALLBACK_SCSV thingy both client and server side.

I'm not completely sure about the client side support though, in particular the way gnutls_handshake_enable_fallback_scsv is implemented, but I couldn't come up with anything better.

To test the server support run gnutls-serv and then connect to it with:

$ openssl s_client -connect localhost:5556 -fallback_scsv -no_tls1_2

To test the client support run:

$ gnutls-cli --priority="NORMAL:-VERS-TLS1.2" --fallback-scsv example.com

Fixes issue #9 (closed).
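The server-side rule from RFC 7507 that the `openssl s_client` test above exercises, as an added example that is not code from this merge request or from GnuTLS: if the ClientHello carries TLS_FALLBACK_SCSV (0x5600) and the server supports a higher version than the client offered, the server aborts with a fatal inappropriate_fallback alert (86). The function names `has_fallback_scsv` and `check_fallback` and the sample cipher suite lists are hypothetical, constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TLS_FALLBACK_SCSV            0x5600u /* cipher suite value, RFC 7507 */
#define ALERT_INAPPROPRIATE_FALLBACK 86      /* alert description, RFC 7507 */

/* Constructed ClientHello.cipher_suites bodies (2 bytes per suite). */
static const uint8_t SUITES_WITH_SCSV[] = { 0xC0, 0x2F, 0x00, 0x2F, 0x56, 0x00 };
static const uint8_t SUITES_NO_SCSV[]   = { 0xC0, 0x2F, 0x00, 0x2F };

/* 1 if the list carries TLS_FALLBACK_SCSV, 0 if not, -1 if malformed. */
static int has_fallback_scsv(const uint8_t *suites, size_t len)
{
    if (suites == NULL || len == 0 || len % 2 != 0)
        return -1;
    for (size_t i = 0; i < len; i += 2) {
        uint16_t cs = (uint16_t)((suites[i] << 8) | suites[i + 1]);
        if (cs == TLS_FALLBACK_SCSV)
            return 1;
    }
    return 0;
}

/* Hypothetical helper: 0 = continue the handshake, 86 = abort with a fatal
 * inappropriate_fallback alert, -1 = malformed cipher suite list.
 * Versions are wire values: 0x0302 is TLS 1.1, 0x0303 is TLS 1.2. */
int check_fallback(uint16_t client_version, uint16_t server_max_version,
                   const uint8_t *suites, size_t len)
{
    int found = has_fallback_scsv(suites, len);
    if (found < 0)
        return -1;
    /* The client says it is retrying at a lower version, yet the server
     * supports a higher one: the downgrade was not necessary. */
    if (found == 1 && client_version < server_max_version)
        return ALERT_INAPPROPRIATE_FALLBACK;
    return 0;
}

int main(void)
{
    printf("%d\n", check_fallback(0x0302, 0x0303, SUITES_WITH_SCSV, sizeof SUITES_WITH_SCSV)); /* 86 */
    printf("%d\n", check_fallback(0x0303, 0x0303, SUITES_WITH_SCSV, sizeof SUITES_WITH_SCSV)); /* 0 */
    printf("%d\n", check_fallback(0x0302, 0x0303, SUITES_NO_SCSV, sizeof SUITES_NO_SCSV));     /* 0 */
    return 0;
}
```

The first call mirrors the `-fallback_scsv -no_tls1_2` test: a TLS 1.1 hello carrying the SCSV against a server that supports TLS 1.2.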
