OpenSSL reports wrong TLS version to FreeRADIUS

Matt Caswell matt at openssl.org
Mon Mar 2 13:17:08 UTC 2020



On 02/03/2020 11:28, iilinasi wrote:
> I'd like to understand, how does OpenSSL get to the idea of "0304"
> version, if there is no such a byte sequence in the packet...
> My question is: how OpenSSL determines the TLS version? How to debug it?
> 

Very strange. I have no idea. Looking at the packet in question this
does appear to be a straight forward TLSv1.0 ClientHello. TLSv1.3 would
normally only ever be negotiated if the supported_versions extension is
present, and that extension lists 0304 as one of the supported versions.
But since the extension does not exist in the ClientHello it should be
attempting to use TLSv1.3.

> > Suprisingly, the server reports I'm using unsupported TLS version ?0304?
> (which corresponds to TLS1.3).

Is there any more detail around this? Server logs etc?

Matt



More information about the openssl-users mailing list