OpenSSL reports wrong TLS version to FreeRADIUS
Alfred Arnold
alfred at ccac.rwth-aachen.de
Mon Mar 2 13:15:41 UTC 2020
Hi,
>I'd like to understand, how does OpenSSL get to the idea of "0304"
>version, if there is no such a
>byte sequence in the packet...
>My question is: how OpenSSL determines the TLS version? How to debug it?
I don't see any TLS 1.3 in the capture as well, but I see that your client
is using only outdated (if not to say: historic) cryptographic algorithms:
RC4, RC2 (never seen that in practice!), 3DES and DES. And those even
combined with export options to weaken key strength. Many modern servers
are configured to disallow such outdated crypto: make your client use at
least
- AES128/256 (either in CBC or GCM mode)
- TLS 1.2
- no export cipher suites
Then you might get a more positive reply from the server...
Best regards
Alfred Arnold
--
Alfred Arnold E-Mail: alfred at ccac.rwth-aachen.de
Computer Club at the http://john.ccac.rwth-aachen.de:8000/alf/
Technical University Phone: +49-241-406526
of Aachen
More information about the openssl-users
mailing list