Internet Explorer should send TLS_FALLBACK_SCSV

By design Issue #957397

Details

Created
Oct 16, 2014
Privacy
This issue is public.
Reports
Reported by 0 people

Sign in to watch or report this issue.

Steps to reproduce

URL:

Repro Steps:

Use Fiddler or another tool to kill TLS1.2 connections. Watch fallback. Observe that the retried connections use a lower protocol version without TLS_FALLBACK_SCSV

Expected Results:

IE sends TLS_FALLBACK_SCSV if retrying an earlier HTTPS version.

http://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00

Actual Results:

Dev Channel specific:

No

Attachments

0 attachments

    Comments and activity

    • Microsoft Edge Team

      Changed Assigned To to “Tony S.”

      Changed Assigned To to “Venkat K.”

      Changed Assigned To from “Venkat K.” to “Mike B.”

      Changed Assigned To from “Mike B.” to “IE F.”

      Changed Status to “By design”

      Changed Assigned To from “IE F.” to “Ivan P.”

      Changed Assigned To from “Ivan P.” to “Louis S.”

      Changed Assigned To from “Louis S.” to “David W.”

      Changed Assigned To from “David W.” to “Louis S.”

    You need to sign in to your Microsoft account to add a comment.

    Sign in