According to the info I found, TLS_FALLBACK_SCSV is provided since openssl-1.0.1e-30, and should therefore prevent any openssl fallback exploit.
For some reason, even though the correct version of OpenSSL is installed (openssl-1.0.1e-30.el6.8.x86_64), and Apache is properly configured and was restarted, this simple test fails:
Code: Select all
openssl s_client -servername www.example.com -connect www.example.com:443 -fallback_scsv -tls1_1
Code: Select all
139919444293448:error:1409443E:SSL routines:SSL3_READ_BYTES:tlsv1 alert inappropriate fallback:s3_pkt.c:1259:SSL alert number 86
This is quite a boggling situation, since a very similar server of mine (they are both running CentOS 6.6), with the exact same OpenSSL version does react in the proper way, by rejecting, with the error message above, the fallback request.
What is happening?
Thanks.