I am using a TLS 1.3 enabled server (Windows 2022) as the client (running my application on the server) and trying to communicate with a 2012 Windows server that is TLS 1.2 enabled.

The initial client hello protocol keeps showing TLSv1 in Wireshark despite it being enabled for TLS 1.3 and TLS 1.2.

Please advise on what might be missing on the server.

  • In short: look at `supported_version` extension in the ClientHello instead. – Steffen Ullrich Aug 29 '22 at 15:37
  • I do see the TLS 1.3 in the supported_version extension. – user282171 Aug 29 '22 at 16:00
  • Are you looking at the version of the _record_ containing the ClientHello rather than the now-two versions IN the ClientHello message (one in the fixed part and one in the extension)? If so, read RFC 8446 section 5.1, where it says record_version of the initial ClientHello MAY be 0x0301 (i.e. TLSv1.0) and then in the text says it SHOULD do so "to maximize backward compatibility". Browsers typically try to maximize backward compatibility, and users mostly want them to do so. – dave_thompson_085 Aug 30 '22 at 00:39
  • As I am seeing the supported versions extension with TLS 1.3 listed, is it safe to assume the client is trying to make a TLS 1.3 connection even though the protocol in Wireshark says TLSv1 or TLSv1.2? – user282171 Aug 31 '22 at 12:31

0 Answers
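The three version fields the comments distinguish (record version, the fixed-part version inside the ClientHello, and the `supported_versions` extension) can be read out of a captured ClientHello directly. The following is an added example, not part of the original thread; the sample bytes are constructed and the function names are hypothetical.

```python
import struct

def build_sample_client_hello():
    """Constructed sample: a minimal ClientHello shaped like a TLS 1.3 client's."""
    versions = struct.pack("!BHH", 4, 0x0304, 0x0303)    # list length, TLS 1.3, TLS 1.2
    ext = struct.pack("!HH", 0x002B, len(versions)) + versions  # supported_versions (43)
    body = (struct.pack("!H", 0x0303)                    # legacy_version: TLS 1.2
            + bytes(32)                                  # random (zeroed in this sample)
            + b"\x00"                                    # empty legacy_session_id
            + struct.pack("!HH", 2, 0x1301)              # one cipher suite
            + b"\x01\x00"                                # null compression only
            + struct.pack("!H", len(ext)) + ext)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return struct.pack("!BHH", 0x16, 0x0301, len(handshake)) + handshake

def client_hello_versions(record):
    """Return (record_version, legacy_version, supported_versions list)."""
    ctype, record_version, rec_len = struct.unpack_from("!BHH", record, 0)
    if ctype != 0x16 or rec_len < 4 or len(record) < 5 + rec_len or record[5] != 0x01:
        raise ValueError("not a complete handshake record carrying a ClientHello")
    pos = 9                                              # 5-byte record + 4-byte handshake header
    (legacy_version,) = struct.unpack_from("!H", record, pos)
    pos += 2 + 32                                        # skip legacy_version and random
    pos += 1 + record[pos]                               # skip legacy_session_id
    pos += 2 + struct.unpack_from("!H", record, pos)[0]  # skip cipher_suites
    pos += 1 + record[pos]                               # skip compression_methods
    supported = []
    if pos + 2 <= len(record):                           # extensions block is present
        ext_end = pos + 2 + struct.unpack_from("!H", record, pos)[0]
        pos += 2
        while pos + 4 <= ext_end:
            ext_type, ext_len = struct.unpack_from("!HH", record, pos)
            data = record[pos + 4:pos + 4 + ext_len]
            if ext_type == 0x002B and data:              # one length byte, then 2-byte versions
                supported = [struct.unpack_from("!H", data, i)[0]
                             for i in range(1, 1 + data[0], 2)]
            pos += 4 + ext_len
    return record_version, legacy_version, supported

def offers_tls13(record):
    """TLS 1.3 is offered only through supported_versions, never the other two fields."""
    return 0x0304 in client_hello_versions(record)[2]

if __name__ == "__main__":
    rec, legacy, offered = client_hello_versions(build_sample_client_hello())
    print(f"record=0x{rec:04x} legacy=0x{legacy:04x} offered={[hex(v) for v in offered]}")
```
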