[Last Call] Learn about multicloud storage options and how to improve your company's cloud strategy. Register Now

x
?
Solved

Understanding TLS version that is sent in a Client Hello message

Posted on 2016-08-14
1
Medium Priority
?
136 Views
Last Modified: 2016-09-02
HI,
I typed in https://www.google.com and captured the result in wireshark. Here is a snapshot of client hello packet :
Screen-Shot-2016-08-14-at-10.49.38-P.pngAs i read that in this Client sends the highest TLS version it supports.
But here you see at one place TLS 1.2 is mentioned and at other TLS 1.0 and at top it is TLSv1.2

what does these mean here ?

Thanks
0
Comment
Question by:Rohit Bajaj
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 27

Accepted Solution

by:
DrDave242 earned 2000 total points
ID: 41758577
Coincidentally, I noticed this myself just a few days ago while digging through traffic with Wireshark. I was troubleshooting an unrelated issue, so I didn't look into it at the time. I've just done a little more testing, though, and this appears to be normal behavior, as it's doing the same thing on my end:
TLS client hello packet
All of the client hello packets in my test capture look like this. I went looking for more info on this and found something in RFC 5246 (the TLS 1.2 specification) that appears to be relevant. This is from Appendix E, section 1:
Earlier versions of the TLS specification were not fully clear on what the record layer version number (TLSPlaintext.version) should contain when sending ClientHello (i.e., before it is known which version of the protocol will be employed).  Thus, TLS servers compliant with this specification MUST accept any value {03,XX} as the record layer version number for ClientHello.
If I'm interpreting that correctly, it doesn't matter what version the client hello packet specifies in the record layer, as this has no bearing on the version that will be negotiated during the handshake.
0

Featured Post

Nothing ever in the clear!

This technical paper will help you implement VMware’s VM encryption as well as implement Veeam encryption which together will achieve the nothing ever in the clear goal. If a bad guy steals VMs, backups or traffic they get nothing.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

For many of us, the  holiday season kindles the natural urge to give back to our friends, family members and communities. While it's easy for friends to notice the impact of such deeds, understanding the contributions of businesses and enterprises i…
In this article, we’ll look at how to deploy ProxySQL.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…

650 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question