Solved

Understanding TLS version that is sent in a Client Hello message

Posted on 2016-08-14
1
104 Views
Last Modified: 2016-09-02
HI,
I typed in https://www.google.com and captured the result in wireshark. Here is a snapshot of client hello packet :
Screen-Shot-2016-08-14-at-10.49.38-P.pngAs i read that in this Client sends the highest TLS version it supports.
But here you see at one place TLS 1.2 is mentioned and at other TLS 1.0 and at top it is TLSv1.2

what does these mean here ?

Thanks
0
Comment
Question by:Rohit Bajaj
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 26

Accepted Solution

by:
DrDave242 earned 500 total points
ID: 41758577
Coincidentally, I noticed this myself just a few days ago while digging through traffic with Wireshark. I was troubleshooting an unrelated issue, so I didn't look into it at the time. I've just done a little more testing, though, and this appears to be normal behavior, as it's doing the same thing on my end:
TLS client hello packet
All of the client hello packets in my test capture look like this. I went looking for more info on this and found something in RFC 5246 (the TLS 1.2 specification) that appears to be relevant. This is from Appendix E, section 1:
Earlier versions of the TLS specification were not fully clear on what the record layer version number (TLSPlaintext.version) should contain when sending ClientHello (i.e., before it is known which version of the protocol will be employed).  Thus, TLS servers compliant with this specification MUST accept any value {03,XX} as the record layer version number for ClientHello.
If I'm interpreting that correctly, it doesn't matter what version the client hello packet specifies in the record layer, as this has no bearing on the version that will be negotiated during the handshake.
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Don’t let your business fall victim to the coming apocalypse – use our Survival Guide for the Fax Apocalypse to identify the risks and signs of zombie fax activities at your business.
If your business is like most, chances are you still need to maintain a fax infrastructure for your staff. It’s hard to believe that a communication technology that was thriving in the mid-80s could still be an essential part of your team’s modern I…
Viewers will learn how to properly install and use Secure Shell (SSH) to work on projects or homework remotely. Download Secure Shell: Follow basic installation instructions: Open Secure Shell and use "Quick Connect" to enter credentials includi…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question