Solved

Understanding TLS version that is sent in a Client Hello message

Posted on 2016-08-14
1
115 Views
Last Modified: 2016-09-02
HI,
I typed in https://www.google.com and captured the result in wireshark. Here is a snapshot of client hello packet :
Screen-Shot-2016-08-14-at-10.49.38-P.pngAs i read that in this Client sends the highest TLS version it supports.
But here you see at one place TLS 1.2 is mentioned and at other TLS 1.0 and at top it is TLSv1.2

what does these mean here ?

Thanks
0
Comment
Question by:Rohit Bajaj
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 26

Accepted Solution

by:
DrDave242 earned 500 total points
ID: 41758577
Coincidentally, I noticed this myself just a few days ago while digging through traffic with Wireshark. I was troubleshooting an unrelated issue, so I didn't look into it at the time. I've just done a little more testing, though, and this appears to be normal behavior, as it's doing the same thing on my end:
TLS client hello packet
All of the client hello packets in my test capture look like this. I went looking for more info on this and found something in RFC 5246 (the TLS 1.2 specification) that appears to be relevant. This is from Appendix E, section 1:
Earlier versions of the TLS specification were not fully clear on what the record layer version number (TLSPlaintext.version) should contain when sending ClientHello (i.e., before it is known which version of the protocol will be employed).  Thus, TLS servers compliant with this specification MUST accept any value {03,XX} as the record layer version number for ClientHello.
If I'm interpreting that correctly, it doesn't matter what version the client hello packet specifies in the record layer, as this has no bearing on the version that will be negotiated during the handshake.
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Data center, now-a-days, is referred as the home of all the advanced technologies. In-fact, most of the businesses are now establishing their entire organizational structure around the IT capabilities.
Make the most of your online learning experience.
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seveā€¦

717 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question