ssllabs / ssllabs-scan

A command-line reference-implementation client for SSL Labs APIs, designed for automated and/or bulk testing.
https://www.ssllabs.com/projects/ssllabs-apis/
Apache License 2.0

TLS_FALLBACK_SCSV and A+ #966

Open Aethedor opened 1 week ago

Aethedor commented 1 week ago

In the SSL Server Rating Guide, I see that an A+ is not rewarded to servers that don’t support TLS_FALLBACK_SCSV. My server (www.cauldron-vtt.net) doesn't support TLS_FALLBACK_SCSV, but it also doesn't support TLS v1.1 and lower. From my understanding, TLS_FALLBACK_SCSV is only for fallback from TLS v1.2 to lower. So, there is no point in supporting TLS_FALLBACK_SCSV when a server only supports TLS v1.2 and higher. Not rewarding an A+ should therefore not be done on this, right?
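For reference, the server-side rule from RFC 7507 section 3, modelled as an added example (not part of the original comment and not code from ssllabs-scan). The `decide` function, its parameters and the sample cipher-suite list are hypothetical; `clientVersion` stands for the highest version the client offers in that attempt.

```go
package main

import "fmt"

// Wire values from RFC 7507 and RFC 8446.
const (
	TLS11        uint16 = 0x0302
	TLS12        uint16 = 0x0303
	TLS13        uint16 = 0x0304
	fallbackSCSV uint16 = 0x5600 // TLS_FALLBACK_SCSV
)

// decide is a hypothetical model of a server's reaction to a ClientHello.
// supported: versions the server enables; honorsSCSV: whether it implements
// RFC 7507; clientVersion: highest version the client offers in this attempt.
func decide(supported []uint16, honorsSCSV bool, clientVersion uint16, suites []uint16) string {
	var highest uint16
	negotiable := false
	for _, v := range supported {
		if v > highest {
			highest = v
		}
		if v <= clientVersion {
			negotiable = true
		}
	}
	for _, s := range suites {
		// RFC 7507 section 3: SCSV present and server could do better -> abort.
		if s == fallbackSCSV && honorsSCSV && highest > clientVersion {
			return "inappropriate_fallback"
		}
	}
	if !negotiable {
		return "protocol_version" // no mutually supported version
	}
	return "proceed"
}

func main() {
	retry := []uint16{0xc02f, fallbackSCSV} // constructed fallback-retry suite list
	only12, both := []uint16{TLS12}, []uint16{TLS12, TLS13}
	fmt.Println("1.2-only, SCSV off, retry at 1.1:", decide(only12, false, TLS11, retry))
	fmt.Println("1.2-only, SCSV on,  retry at 1.1:", decide(only12, true, TLS11, retry))
	fmt.Println("1.2-only, SCSV on,  retry at 1.2:", decide(only12, true, TLS12, retry))
	fmt.Println("1.2+1.3,  SCSV off, retry at 1.2:", decide(both, false, TLS12, retry))
	fmt.Println("1.2+1.3,  SCSV on,  retry at 1.2:", decide(both, true, TLS12, retry))
}
```

In this model a TLS 1.2-only server rejects a retry at TLS 1.1 with or without the SCSV check (only the alert differs), while the check changes the outcome once the server also enables TLS 1.3.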

ArchangeGabriel commented 4 days ago

Related: #949, #930, #910, #863, #853, #815, #786, #711.