Skip to main content

Beta What do you think of this service? Your feedback will help us to improve it.

  5. TLS_FALLBACK_SCSV not supported

Author: Government Digital Service

TLS_FALLBACK_SCSV not supported

What this means

TLS_FALLBACK_SCSV (TLS Signaling Cipher Suite Value for Fallback) is a security mechanism that prevents protocol downgrade attacks.

If a server does not support TLS_FALLBACK_SCSV, attackers may force connections to use older, less secure TLS versions.

Why this is a problem

If this mechanism is not implemented, attackers can potentially trick clients into using vulnerable TLS versions (e.g., TLS 1.0 or SSL 3.0).

A lack of TLS_FALLBACK_SCSV implementation can result in connections using outdated cryptographic algorithms.

The absence of security mechanisms can result in non-compliance with security standards like PCI-DSS, and undermines user confidence in the website’s security and privacy practices.

This can be an indication that an older, outdated webserver may be in use.

How to check if the problem is there

There are a number of online tools such as Qualys SSL Labs which can be used to check for the presence of this issue.

How to fix this

TLS_FALLBACK_SCSV is supported in all modern webserver implementations.

Ensure your webserver software versions are running the latest, supported version.

Sign up to UK Government Security

Subscribe to our newsletters to receive notifications when changes to strategy, policy, standards, and guidance are published on the website.

Sign up now