Is TLS_FALLBACK_SCSV extension required to be enabled?

search cancel

Is TLS_FALLBACK_SCSV extension required to be enabled?

book

Article ID: 372577

calendar_today

Updated On:

Products

Carbon Black App Control (formerly Cb Protection)

Issue/Introduction

Vulnerability SSL scans might find that App Control version of OpenSSL does not have TLS_FALLBACK_SCSV extension enabled, but is it necessary?

Environment

App Control Server: All Supported Versions
OpenSSL: All Supported Versions
Microsoft Windows: All Versions

Resolution

No, TLS_FALLBACK_SCSV extension is not required and its expected that TLS protocols 1.2 and higher are the only protocols that should be enabled on the App Control Server.

Additional Information

https://wiki.openssl.org/index.php/SSL_MODE_SEND_FALLBACK_SCSV
App Control Server OER

Feedback

thumb_up Yes

thumb_down No