Solved

Understanding TLS version that is sent in a Client Hello message

Posted on 2016-08-14
1
85 Views
Last Modified: 2016-09-02
HI,
I typed in https://www.google.com and captured the result in wireshark. Here is a snapshot of client hello packet :
Screen-Shot-2016-08-14-at-10.49.38-P.pngAs i read that in this Client sends the highest TLS version it supports.
But here you see at one place TLS 1.2 is mentioned and at other TLS 1.0 and at top it is TLSv1.2

what does these mean here ?

Thanks
0
Comment
Question by:Rohit Bajaj
1 Comment
 
LVL 26

Accepted Solution

by:
DrDave242 earned 500 total points
ID: 41758577
Coincidentally, I noticed this myself just a few days ago while digging through traffic with Wireshark. I was troubleshooting an unrelated issue, so I didn't look into it at the time. I've just done a little more testing, though, and this appears to be normal behavior, as it's doing the same thing on my end:
TLS client hello packet
All of the client hello packets in my test capture look like this. I went looking for more info on this and found something in RFC 5246 (the TLS 1.2 specification) that appears to be relevant. This is from Appendix E, section 1:
Earlier versions of the TLS specification were not fully clear on what the record layer version number (TLSPlaintext.version) should contain when sending ClientHello (i.e., before it is known which version of the protocol will be employed).  Thus, TLS servers compliant with this specification MUST accept any value {03,XX} as the record layer version number for ClientHello.
If I'm interpreting that correctly, it doesn't matter what version the client hello packet specifies in the record layer, as this has no bearing on the version that will be negotiated during the handshake.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Let’s list some of the technologies that enable smooth teleworking. 
Data center, now-a-days, is referred as the home of all the advanced technologies. In-fact, most of the businesses are now establishing their entire organizational structure around the IT capabilities.
Viewers will learn how to properly install and use Secure Shell (SSH) to work on projects or homework remotely. Download Secure Shell: Follow basic installation instructions: Open Secure Shell and use "Quick Connect" to enter credentials includi…
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…

831 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question