How is the TLS Record Layer Version Selected?
Matt Caswell
matt at openssl.org
Thu Oct 29 11:14:20 UTC 2020
On 29/10/2020 03:52, Thomas Antonio via openssl-users wrote:
> Hello, how does openSSL determine the Record Layer Version used to
> initiate a ClientHello message to the server? I believe the
> determination is made at this level.
>
> When testing using multiple implementations (Python Requests on a Debian
> machine and `cURL --tlsv1.2 --tls-max 1.2` from macOS) I will seemingly
> at random see ClientHello messages using TLS Record Layer Version 1.0.
> The TLS Handshake Protocol remains correctly set at 1.2. The majority of
> the time the Record Layer Version is 1.2. What could be causing this
> change in Record Version?
>
> I realize this is a valid message format and that a well configured TLS
> 1.2 server will accept this. Just trying to get to the bottom of what is
> causing this behaviour on the client side.
>
> A post showing the Record Version and Handshake Protocol mismatch is here
> https://support.f5.com/csp/article/K53037818
The logic is here:
https://github.com/openssl/openssl/blob/648cf9249e6ec60e0af50d5d903e05244b837cb0/ssl/record/rec_layer_s3.c#L860-L861
And here:
https://github.com/openssl/openssl/blob/648cf9249e6ec60e0af50d5d903e05244b837cb0/ssl/record/rec_layer_s3.c#L882-L891
Basically the record version is never greater than TLSv1.2. If we're in
an initial ClientHello (not a renegotiation or an HRR) and the max
version is > TLSv1.0 then the record version is fixed at TLSv1.0 for the
ClientHello record.
Matt
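As an added illustration (not code from the thread or from OpenSSL), the following Python script models the rule Matt describes and parses a constructed ClientHello record so the TLSv1.0 record version can be seen next to the TLSv1.2 client_version the original poster saw; `build_client_hello`, `expected_record_version` and the non-initial branch of that rule are this example's own assumptions.

```python
import struct

TLS10, TLS12 = 0x0301, 0x0303

def expected_record_version(max_version, initial_client_hello=True):
    """Model of the rule in Matt's reply: the record version never exceeds
    TLSv1.2, and an initial ClientHello (not a renegotiation or HRR) with a
    max version above TLSv1.0 goes out in a TLSv1.0 record. The non-initial
    branch (max version capped at TLSv1.2) is this example's assumption."""
    if initial_client_hello and max_version > TLS10:
        return TLS10
    return min(max_version, TLS12)

def build_client_hello(record_version, client_version):
    """Constructed minimal ClientHello record: zero random, one cipher suite."""
    body = (struct.pack("!H", client_version) + bytes(32)  # version, random
            + b"\x00"                                      # empty session id
            + b"\x00\x02\xc0\x2f"                          # one cipher suite
            + b"\x01\x00"                                  # null compression
            + b"\x00\x00")                                 # no extensions
    hs = b"\x01" + len(body).to_bytes(3, "big") + body     # handshake header
    return struct.pack("!BHH", 0x16, record_version, len(hs)) + hs

def parse_client_hello(buf):
    """Return the record-layer version and the ClientHello client_version."""
    if len(buf) < 11:
        raise ValueError("buffer too short for a ClientHello record")
    ctype, rec_ver, rec_len = struct.unpack("!BHH", buf[:5])
    body = buf[5:5 + rec_len]
    if ctype != 0x16 or len(body) != rec_len:
        raise ValueError("not a complete handshake record")
    if body[0] != 0x01 or int.from_bytes(body[1:4], "big") != len(body) - 4:
        raise ValueError("not a well-formed ClientHello")
    return {"record_version": rec_ver,
            "client_version": struct.unpack("!H", body[4:6])[0]}

def record_version_is_expected(buf):
    """True when the record version follows the initial-ClientHello rule,
    taking client_version as the client's maximum (valid up to TLSv1.2)."""
    p = parse_client_hello(buf)
    return p["record_version"] == expected_record_version(p["client_version"])

if __name__ == "__main__":
    rec = build_client_hello(TLS10, TLS12)   # the mismatch seen in the thread
    print(parse_client_hello(rec), record_version_is_expected(rec))
```

Feeding a real captured ClientHello record to `parse_client_hello` gives the same two fields, which is a quick way to confirm that a TLSv1.0 record carrying a TLSv1.2 handshake is the behaviour described above rather than a downgrade.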