Reply to post: Re: I wonder

Admins! Never mind POODLE, there're NEW OpenSSL bugs to splat

Michael Wojcik Silver badge

Re: I wonder

It would require a tremendous stretch to believe any of these were plants. One (support for TLS_FALLBACK_SCSV) is in fact a new feature; it isn't a "fix" by any definition. Of the other three, two are DoS issues, which are of very low value to the SIGINT community.

The last could have some SIGINT utility, since getting a product to downgrade to SSLv3 leaves it open to decryption attacks like POODLE and BEAST (when using a block cipher) or RC4 bias exploitation. But few OpenSSL installations use a version built with --no-ssl3, so on the whole it'd be a very low-value attack. If a SIGINT agency had an opportunity to sneak a flaw into the OpenSSL sources, they could do much better.
