OpenSSL reports wrong TLS version to FreeRADIUS

Matt Caswell matt at
Mon Mar 2 13:17:08 UTC 2020

On 02/03/2020 11:28, iilinasi wrote:
> I'd like to understand, how does OpenSSL get to the idea of "0304"
> version, if there is no such a byte sequence in the packet...
> My question is: how OpenSSL determines the TLS version? How to debug it?

Very strange. I have no idea. Looking at the packet in question this
does appear to be a straight forward TLSv1.0 ClientHello. TLSv1.3 would
normally only ever be negotiated if the supported_versions extension is
present, and that extension lists 0304 as one of the supported versions.
But since the extension does not exist in the ClientHello it should be
attempting to use TLSv1.3.

> > Suprisingly, the server reports I'm using unsupported TLS version ?0304?
> (which corresponds to TLS1.3).

Is there any more detail around this? Server logs etc?


More information about the openssl-users mailing list