[Bug 57464] New: Please support for TLS Fallback SCSV

bugzilla Mon, 19 Jan 2015 05:33:49 -0800

https://issues.apache.org/bugzilla/show_bug.cgi?id=57464


            Bug ID: 57464
           Summary: Please support for TLS Fallback SCSV
           Product: Tomcat 7
           Version: unspecified
          Hardware: All
                OS: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Connectors
          Assignee: [email protected]
          Reporter: [email protected]

https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv

https://www.ssllabs.com/ssltest/analyze.html?d=issues.apache.org complains
about 
"Downgrade attack prevention     No, TLS_FALLBACK_SCSV not supported (more
info)", but Mark expressed reluctance to do so as per
http://mail-archives.apache.org/mod_mbox/tomcat-users/201412.mbox/%[email protected]%3E

On the other hand - it wouldn't really hurt to support it?
Or is ssllabs with its warning "off the map"?

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

[Bug 57464] New: Please support for TLS Fallback SCSV

Reply via email to