I only have TLS1 > enabled on my site so I'm a little surprised my sites report is listing TLS fallback SCSV not supported. Isn't this only a problem if a downgrade to SSLv3 is possible?
also fallback from TLS 1.2 > 1.0 could be malice.
So you need TLS fallback SCSV or only support a single Suite like TLS 1.2 only (disable also TLS 1.1 and 1.0)
If you have more than one TLS Protocol Version you need to have TLS_FALLBACK_SCSV support.
This is an special ciphersuite send by the client if he thinks that he speak the server highest supported protocol.
The server answer with an alert if this is not the case. This is used to detect downgrade attacks. And not related
only to SSLv3.
Retrieving data ...