TLS to SSLv3 Downgrade

christypriory · January 15, 2018, 10:42am

I have an Android app that will connect to a server with TLS 1.2. The server also supports SSLv3. I would like to know if it’s possible to configure MITM Proxy that will downgrade the connection from TLS 1.2 to SSLv3.

mhils · January 15, 2018, 12:57pm

Hi @christypriory,

You can do a man-in-the-middle attack and have a SSLv3 connection between mitmproxy and the server, but that’s generally not recommended of course. There are no known downgrade attacks for TLS 1.2 to SSLv3.

Topic		Replies	Views
Tls1.1 to 1.2 help	0	1247	August 1, 2019
Try to run old app with TLSv1.0 only against TLSv1.1+ only server help	1	1470	March 14, 2018
Struggling with TLS help	3	8054	April 9, 2018
"sslv3 alert handshake failure" - How to find out what's causing this help	1	3603	March 23, 2018
TLSv1.0 only enabled help	7	1570	May 17, 2018

TLS to SSLv3 Downgrade

Related Topics