tls fallback option
iiliiiili
2021. 8. 27. 17:56
https://wiki.openssl.org/index.php/SSL_MODE_SEND_FALLBACK_SCSV
SSL MODE SEND FALLBACK SCSV - OpenSSLWiki
TLS_FALLBACK_SCSV is a TLS Signaling Cipher Suite Value (SCSV) that can be used to guard against protocol downgrade attacks. The extension can be useful for clients like web browsers, which fall back to a lesser protocol version if attempts to use a higher
wiki.openssl.org
fallback
client 1.0(fallback) -> server 1.2 / 1.1 / 1.0
server: 1.0 is not selected
client 1.0 - waf 1.3/1.2/1.1 - server 1.0
when the WAF selects 1.0
If a lower version is selected even though a higher TLS version could be used, the connection is refused - the fallback option
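The first case above (client falls back to 1.0, server supports 1.2 / 1.1 / 1.0) as an added example that is not from the original post or from OpenSSL: a minimal model of the server-side check defined in RFC 7507. The function names and the constructed ClientHello bytes are assumptions for illustration; only TLS 1.0 to 1.2 and a ClientHello without extensions are modelled.

```python
import struct

TLS_FALLBACK_SCSV = 0x5600            # signaling cipher suite value (RFC 7507)
ALERT_PROTOCOL_VERSION = 70           # no common protocol version
ALERT_INAPPROPRIATE_FALLBACK = 86     # fatal alert defined by RFC 7507
VERSIONS = {"1.0": 0x0301, "1.1": 0x0302, "1.2": 0x0303}


def build_client_hello(version, suites):
    """Constructed sample input: a ClientHello body without extensions."""
    body = struct.pack("!H", VERSIONS[version]) + bytes(32)  # version + random
    body += b"\x00"                                           # empty session_id
    body += struct.pack("!H", 2 * len(suites))                # cipher_suites length
    body += b"".join(struct.pack("!H", s) for s in suites)
    return body + b"\x01\x00"                                 # null compression only


def parse_client_hello(body):
    """Return (client_version, [cipher suite values]) from a ClientHello body."""
    if len(body) < 35:
        raise ValueError("truncated ClientHello")
    (client_version,) = struct.unpack_from("!H", body, 0)
    pos = 34 + 1 + body[34]           # skip version, random and session_id
    if pos + 2 > len(body):
        raise ValueError("missing cipher_suites")
    (n,) = struct.unpack_from("!H", body, pos)
    pos += 2
    if n % 2 or pos + n > len(body):
        raise ValueError("bad cipher_suites length")
    suites = [struct.unpack_from("!H", body, pos + i)[0] for i in range(0, n, 2)]
    return client_version, suites


def server_decision(body, server_versions):
    """Apply the fallback check; server_versions is a list such as ["1.2", "1.0"]."""
    client_version, suites = parse_client_hello(body)
    supported = sorted(VERSIONS[v] for v in server_versions)
    # SCSV present and the server could do better than the offered version: refuse.
    if TLS_FALLBACK_SCSV in suites and supported[-1] > client_version:
        return ("alert", ALERT_INAPPROPRIATE_FALLBACK)
    usable = [v for v in supported if v <= client_version]
    if not usable:
        return ("alert", ALERT_PROTOCOL_VERSION)
    return ("negotiate", usable[-1])
```

Without the SCSV in the cipher suite list the same 1.0 ClientHello is accepted at 1.0, which is why the value only helps when the falling-back client sends it.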