Re: [TLS] Downgrade SCSV info

Rob Trace <> Thu, 13 November 2014 03:54 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id CA5FF1A1B5D for <>; Wed, 12 Nov 2014 19:54:37 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id gfoQrDbHKUaz for <>; Wed, 12 Nov 2014 19:54:35 -0800 (PST)
Received: from ( [IPv6:2a01:111:f400:fc10::746]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id D00F41A1B51 for <>; Wed, 12 Nov 2014 19:54:34 -0800 (PST)
Received: from ( by ( with Microsoft SMTP Server (TLS) id; Thu, 13 Nov 2014 03:54:12 +0000
Received: from ([]) by ([]) with mapi id 15.01.0016.006; Thu, 13 Nov 2014 03:54:12 +0000
From: Rob Trace <>
To: "" <>
Thread-Topic: Re: [TLS] Downgrade SCSV info
Thread-Index: Ac/+9O5weiJnd0SQTLmp/+CUEBE1LA==
Date: Thu, 13 Nov 2014 03:54:12 +0000
Message-ID: <>
Accept-Language: en-US
Content-Language: en-US
x-originating-ip: [2001:67c:370:136:f443:da37:4451:c37d]
x-microsoft-antispam: BCL:0;PCL:0;RULEID:;SRVR:CY1PR0301MB0891;
x-exchange-antispam-report-test: UriScan:;
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:; SRVR:CY1PR0301MB0891;
x-forefront-prvs: 0394259C80
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(6009001)(199003)(189002)(41574002)(4396001)(31966008)(21056001)(108616004)(77096003)(106356001)(77156002)(40100003)(120916001)(99396003)(33646002)(110136001)(19625215002)(20776003)(101416001)(95666004)(99286002)(62966003)(2351001)(19300405004)(450100001)(122556002)(16236675004)(107046002)(105586002)(46102003)(64706001)(107886001)(15975445006)(2656002)(87936001)(19580395003)(76576001)(92566001)(15202345003)(97736003)(74316001)(86362001)(2501002)(54356999)(50986999)(86612001)(3826002)(24736002); DIR:OUT; SFP:1102; SCL:1; SRVR:CY1PR0301MB0891;; FPR:; MLV:sfv; PTR:InfoNoRecords; A:1; MX:1; LANG:en;
Content-Type: multipart/alternative; boundary="_000_d51dcf00811740edb16aade02a5d8fe5CY1PR0301MB0892namprd03_"
MIME-Version: 1.0
Subject: Re: [TLS] Downgrade SCSV info
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 13 Nov 2014 03:54:38 -0000

> Right, although it couldn't hurt for the client to try TLS 1.1 next in case
> it sees an inappropriate_fallback alert. (Then in the end you have
> essentially the same outcome as if trying the protocols in decreasing order,
> in the presence of an active attacker forcing you to downgrade.)

When we looked at the fallback to HTTP 1.1, it was just as Martin stated and there were almost 0 times when the connection completed over TLS 1.1.  The 1.1 fallback was a lot of wasted roundtrips and did not provide any value.

I am not sure what a wasted fallback to HTTP 1.1 would provide with SCSV, in that the TLS 1.0 fallback would still result in the inappropriate_fallback before we send any data.