0

What i have read and understood is that most of the browsers today when establishing a secure connection try TLS first and if the connnection is not made they fallback on SSL v3.

Now consider the following scenario: I access a website over HTTPS, this website has stopped support for SSL v3. First secure connection attempt of my mozilla browser using TLS fails by chance and it falls back on ssl v3. The website does not support ssl v3 so this attempt also fails What happens now: Would my browser give me error saying connection not possible OR Will it again go bback to trying TLS for setting up connection.

vikben
  • 93
  • 9

1 Answers1

1

The browser will not immediately start again with a higher TLS version if the downgrade to a lower version failed, but it will simply give you an error that the connection failed - same as the browser would do if it did not do any downgrades. But the next time you try to connect to the site it will probably retry with a high TLS version again, because it did not have any cached information that it will be successful after downgrade only.

Steffen Ullrich
  • 114,247
  • 10
  • 131
  • 172
  • Thanks for the information. please share if you have an idea on how many times does mozilla try to connect over TLS before downgrading to SSL. – vikben Oct 31 '14 at 06:12
  • 1
    It probably differs between browsers but there is a draft which recommends a [specific behavior](http://tools.ietf.org/html/draft-pettersen-tls-version-rollback-removal-03): first use the best TLS version you can, then try TLS1.0 and then fall back to SSL3.0. – Steffen Ullrich Oct 31 '14 at 06:19