Solved

Understanding TLS version that is sent in a Client Hello message

Posted on 2016-08-14
Last Modified: 2016-09-02
Hi,
I typed in https://www.google.com and captured the result in Wireshark. Here is a snapshot of the client hello packet:
[Screenshot: Screen-Shot-2016-08-14-at-10.49.38-P.png]
As I read, in this the client sends the highest TLS version it supports.
But here you see that TLS 1.2 is mentioned in one place and TLS 1.0 in another, and at the top it is TLSv1.2.

What do these mean here?

Thanks
Question by:Rohit Bajaj
Accepted Solution

by: DrDave242
Coincidentally, I noticed this myself just a few days ago while digging through traffic with Wireshark. I was troubleshooting an unrelated issue, so I didn't look into it at the time. I've just done a little more testing, though, and this appears to be normal behavior, as it's doing the same thing on my end:
[Image: TLS client hello packet]
All of the client hello packets in my test capture look like this. I went looking for more info on this and found something in RFC 5246 (the TLS 1.2 specification) that appears to be relevant. This is from Appendix E, section 1:
"Earlier versions of the TLS specification were not fully clear on what the record layer version number (TLSPlaintext.version) should contain when sending ClientHello (i.e., before it is known which version of the protocol will be employed). Thus, TLS servers compliant with this specification MUST accept any value {03,XX} as the record layer version number for ClientHello."
If I'm interpreting that correctly, it doesn't matter what version the client hello packet specifies in the record layer, as this has no bearing on the version that will be negotiated during the handshake.
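
As an added example (not part of the original answer), this Python sketch parses a ClientHello record and returns the record-layer version (TLSPlaintext.version) and the handshake's ClientHello.client_version as two separate fields, then applies the Appendix E.1 rule quoted above. The sample bytes are constructed, and all function names are this example's own.

```python
import struct

NAMES = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2"}

def build_sample_client_hello() -> bytes:
    """Constructed sample: record layer says TLS 1.0, ClientHello says TLS 1.2."""
    body = struct.pack("!H", 0x0303)        # ClientHello.client_version
    body += bytes(32)                       # random (zeroed for the sample)
    body += b"\x00"                         # empty session_id
    body += struct.pack("!HH", 2, 0xC02F)   # cipher_suites: length 2, one suite
    body += b"\x01\x00"                     # compression_methods: null only
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return struct.pack("!BHH", 22, 0x0301, len(handshake)) + handshake

def parse_client_hello_versions(record: bytes):
    """Return (record_layer_version, client_hello_version) from one TLS record."""
    if len(record) < 5:
        raise ValueError("truncated record header")
    ctype, rec_version, rec_len = struct.unpack("!BHH", record[:5])
    if ctype != 22:                         # 22 = handshake content type
        raise ValueError("not a handshake record")
    fragment = record[5:5 + rec_len]
    if len(fragment) != rec_len or rec_len < 6:
        raise ValueError("truncated handshake fragment")
    if fragment[0] != 1:                    # 1 = client_hello handshake type
        raise ValueError("handshake message is not a ClientHello")
    (client_version,) = struct.unpack("!H", fragment[4:6])
    return rec_version, client_version

def record_version_acceptable(rec_version: int) -> bool:
    """RFC 5246 Appendix E.1: accept any {03,XX} on a ClientHello record."""
    return rec_version >> 8 == 0x03

def describe(record: bytes) -> dict:
    """Name both version fields and apply the Appendix E.1 check."""
    rec, hello = parse_client_hello_versions(record)
    return {
        "record_layer": NAMES.get(rec, hex(rec)),
        "client_hello": NAMES.get(hello, hex(hello)),
        "record_version_acceptable": record_version_acceptable(rec),
    }

if __name__ == "__main__":
    print(describe(build_sample_client_hello()))
```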