[openssl-users] SSL error “inappropriate fallback” and TLS_FALLBACK_SCSV

Salz, Rich rsalz at akamai.com
Thu Jun 1 19:18:31 UTC 2017

> What I find surprising is the rate of these errors. For every 100 legitimate
> HTTP requests that make it to Nginx, I get 2.5 “inappropriate fallback” SSL
> errors. That's a lot of noise.
> I guess I'll have to adjust my expectations.

That's not out of line with other measurements I've been told.
> Related question: assuming the lists of TLS protocol versions and ciphers I've
> enabled in Nginx are indeed exactly the same as the default TLS policy in an
> AWS ALB, the errors I see now logged by Nginx should be, more or less, the
> same population of errors I saw reflected in the ALB metrics before, right?

Not necessarily.  The network connectivity could be a very large influence.

More information about the openssl-users mailing list