+#Test 4: Client falls back from TLSv1.3 (server does not support the fallback
+# SCSV)
+$proxy->clear();
+$testtype = FALLBACK_FROM_TLS_1_3;
+$proxy->clientflags("-fallback_scsv -no_tls1_3");
+$proxy->start();
+my $alert = TLSProxy::Message->alert();
+ok(TLSProxy::Message->fail()
+ && !$alert->server()
+ && $alert->description() == TLSProxy::Message::AL_DESC_ILLEGAL_PARAMETER,
+ "Fallback from TLSv1.3");
+
+SKIP: {
+ skip "TLSv1.1 disabled", 2 if disabled("tls1_1");
+ #Test 5: A client side protocol "hole" should not be detected as a downgrade
+ $proxy->clear();
+ $proxy->filter(undef);
+ $proxy->clientflags("-no_tls1_2");
+ $proxy->start();
+ ok(TLSProxy::Message->success(), "TLSv1.2 client-side protocol hole");
+
+ #Test 6: A server side protocol "hole" should not be detected as a downgrade
+ $proxy->clear();
+ $proxy->filter(undef);
+ $proxy->serverflags("-no_tls1_2");
+ $proxy->start();
+ ok(TLSProxy::Message->success(), "TLSv1.2 server-side protocol hole");
+}
+