We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Per @agl, Go 1.5 should have FALLBACK_SCSV support.
The text was updated successfully, but these errors were encountered:
Specifically, support in the TLS client. The server got support in e5624ed.
Sorry, something went wrong.
Hmm, now I'm confused. From the release notes:
(The Go client does not support fallback at all, so it is not vulnerable to those attacks.)
Hey cool, it looks like I landed this in 1.4 in the form of e5624ed so it's already done.
on a related note, a bug that broke TLS_FALLBACK_SCSV out-of-the-box was fixed today: https://go-review.googlesource.com/#/c/1776/
TLS_FALLBACK_SCSV
In order to make this work on 1.4, you need to specify a MaxVersion in your tls.Config.
MaxVersion
tls.Config
No branches or pull requests
Per @agl, Go 1.5 should have FALLBACK_SCSV support.
The text was updated successfully, but these errors were encountered: