Bogdan Harjoc
2014-10-15 15:53:58 UTC
How does the newly introduced [1] support for the Downgrade SCSV stop
an attacker from removing the SCSV from an outgoing ClientHello? Am I
missing something, or is there no hash to ensure that the ClientHello
received by the server has not been tampered with?
[1] https://tools.ietf.org/html/draft-bmoeller-tls-downgrade-scsv-02
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users-MCmKBN63+***@public.gmane.org
Automated List Manager majordomo-MCmKBN63+***@public.gmane.org