How is the TLS Record Layer Version Selected?
Thomas Antonio
thomas at ada.support
Thu Oct 29 03:52:29 UTC 2020
Hello, how does openSSL determine the Record Layer Version used to initiate
a ClientHello message to the server? I believe the determination is made at
this level.
When testing using multiple implementations (Python Requests on a Debian
machine and `cURL --tlsv1.2 --tls-max 1.2` from macOS) I will seemingly at
random see ClientHello messages using TLS Record Layer Version 1.0. The TLS
Handshake Protocol remains correctly set at 1.2. The majority of the time
the Record Layer Version is 1.2. What could be causing this change in
Record Version?
I realize this is a valid message format and that a well configured TLS 1.2
server will accept this. Just trying to get to the bottom of what is
causing this behaviour on the client side.
A post showing the Record Version and Handshake Protocol mismatch is here
https://support.f5.com/csp/article/K53037818
Thomas
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20201028/353290ee/attachment.html>
More information about the openssl-users
mailing list