How is the TLS Record Layer Version Selected?

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

How is the TLS Record Layer Version Selected?

OpenSSL - User mailing list
Hello, how does openSSL determine the Record Layer Version used to initiate a ClientHello message to the server? I believe the determination is made at this level.

When testing using multiple implementations (Python Requests on a Debian machine and `cURL --tlsv1.2 --tls-max 1.2` from macOS) I will seemingly at random see ClientHello messages using TLS Record Layer Version 1.0. The TLS Handshake Protocol remains correctly set at 1.2. The majority of the time the Record Layer Version is 1.2. What could be causing this change in Record Version?

I realize this is a valid message format and that a well configured TLS 1.2 server will accept this. Just trying to get to the bottom of what is causing this behaviour on the client side.

A post showing the Record Version and Handshake Protocol mismatch is here

Thomas
Reply | Threaded
Open this post in threaded view
|

Re: How is the TLS Record Layer Version Selected?

Matt Caswell-2


On 29/10/2020 03:52, Thomas Antonio via openssl-users wrote:

> Hello, how does openSSL determine the Record Layer Version used to
> initiate a ClientHello message to the server? I believe the
> determination is made at this level.
>
> When testing using multiple implementations (Python Requests on a Debian
> machine and `cURL --tlsv1.2 --tls-max 1.2` from macOS) I will seemingly
> at random see ClientHello messages using TLS Record Layer Version 1.0.
> The TLS Handshake Protocol remains correctly set at 1.2. The majority of
> the time the Record Layer Version is 1.2. What could be causing this
> change in Record Version?
>
> I realize this is a valid message format and that a well configured TLS
> 1.2 server will accept this. Just trying to get to the bottom of what is
> causing this behaviour on the client side.
>
> A post showing the Record Version and Handshake Protocol mismatch is here
> https://support.f5.com/csp/article/K53037818

The logic is here:

https://github.com/openssl/openssl/blob/648cf9249e6ec60e0af50d5d903e05244b837cb0/ssl/record/rec_layer_s3.c#L860-L861

And here:

https://github.com/openssl/openssl/blob/648cf9249e6ec60e0af50d5d903e05244b837cb0/ssl/record/rec_layer_s3.c#L882-L891


Basically the record version is never greater than TLSv1.2. If we're in
an initial ClientHello (not a renegotiation or an HRR) and the max
version is > TLSv1.0 then the record version is fixed at TLSv1.0 for the
ClientHello record.

Matt