OpenSSL reports wrong TLS version to FreeRADIUS

Alfred Arnold alfred at
Mon Mar 2 13:15:41 UTC 2020


>I'd like to understand, how does OpenSSL get to the idea of "0304" 
>version, if there is no such a
>byte sequence in the packet...
>My question is: how OpenSSL determines the TLS version? How to debug it?

I don't see any TLS 1.3 in the capture as well, but I see that your client 
is using only outdated (if not to say: historic) cryptographic algorithms: 
RC4, RC2 (never seen that in practice!), 3DES and DES.  And those even 
combined with export options to weaken key strength.  Many modern servers 
are configured to disallow such outdated crypto: make your client use at 

- AES128/256 (either in CBC or GCM mode)
- TLS 1.2
- no export cipher suites

Then you might get a more positive reply from the server...

Best regards

Alfred Arnold

Alfred Arnold                   E-Mail: alfred at
Computer Club at the  
Technical University            Phone: +49-241-406526
of Aachen

More information about the openssl-users mailing list