why am i seeing the `TLS_EMPTY_RENEGOTIATION_INFO_SCSV` in my TLS debug log

Question

I read about it here but it dosent make sense to me that i see it here.

On the Android client Im setting the:

sSLSocket.setEnabledCipherSuites(new          


        

Answer 1

It's a compatibility thing for broken implementations. Your sessions is established using SSL_RSA_WITH_RC4_128_SHA, so there is really no problem. I don't think you can control it via the setEnabledCipherSuites(), it's most probably an integral part of the TLS implementation.