
> The user doesn't notice, and the attacker gains some control over the cryptography used.

In my case the user will, because the TLS client won't accept an insecure version request. Connection broken. The client will notify the user that the server is still using an insecure version.

I think this might be the misunderstanding: a good client/server never establishes/accepts insecure versions.

Yes, the MITM gets to pick, but if he picks an insecure version, there is no connection.

POODLE was never an attack on the protocol, but on poor implementations.



One misunderstanding is that you are accepting as fact that TLS 1.2 is secure, when it's entirely plausible that one or more state actors already know that not to be the case.

There's no magic light that goes on when the NSA breaks TLS 1.2 so that we know to stop trusting it.



