RFR: 8061798: Add support for TLS_FALLBACK_SCSV

Florian Weimer fweimer at redhat.com
Mon Jan 26 10:04:30 UTC 2015

I have rebased the TLS_FALLBACK_SCSV implementation I submitted in
October 2014 to the current jdk9-dev tree:


The test uses an expired X.509 certificate (which was already part of
the test suite), but this is harmless.

TLS_FALLBACK_SCSV is a bit of a wart, but it seems necessary for feature
parity with other TLS server implementations.

Florian Weimer / Red Hat Product Security

More information about the security-dev mailing list