Revision history

The TLS Client Hello (and Server Hello) have three version fields with the following meanings until TLS 1.2:

  • Record version: the minimum supported TLS version: TLS 1.0
  • Handshake messages:
    • Client Hello: the maximum supported TLS version (TLS 1.2)
    • Server Hello: the mutually supported TLS version

Since TLS 1.3, the Record version MUST be set to "TLS 1.2" (0x0303) but MAY be set to "TLS 1.0" (0x0301) for compatibility purposes. Even if a lower "minimum version" is advertised, the client or server might decide to abort the connection anyway if it deems that the parameters (version, cipher, certificate, etc.) are unacceptable.

Furthermore, to negotiate TLS 1.3, neither version field in the Client/Server Hello message is used (both MUST be set to "TLS 1.2"). Instead, the "supported_versions" TLS extension is used to advertise a list of supported versions (in Client Hello) or agree on a version (in the Server Hello). This special extension is used precisely due to the existence of "middleboxes" that would choke otherwise.

Be also aware that the final TLS 1.3 version was only recently released as RFC 8446. Even if you have enabled "TLS 1.3" in your web browser, it could be the case that your client only supports an older draft version instead of the final version. In that case, servers which only support the final version will not negotiate TLS 1.3.

The TLS Client Hello (and Server Hello) have three version fields with the following meanings until TLS 1.2:

  • Record version: the minimum supported TLS version: TLS 1.0.
  • Handshake messages:
    • Client Hello: the maximum supported TLS version (TLS 1.2) by the client.
    • Server Hello: the actual agreed TLS version (as selected by the server).

If the server does not support the version, it does not send a Server Hello message but a fatal alert message followed by connection closure. (Some broken servers do not even send this alert message and just send a TCP reset instead.)

Since TLS 1.3, the Record version MUST be set to "TLS 1.2" (0x0303) but MAY be set to "TLS 1.0" (0x0301) for compatibility purposes. Even if a lower "minimum version" is advertised, the client or server might decide to abort the connection anyway if it deems that the parameters (version, cipher, certificate, etc.) are unacceptable.

Furthermore, to negotiate TLS 1.3, neither version field in the Client/Server Hello message is used (both MUST be set to "TLS 1.2"). Instead, the "supported_versions" TLS extension is used to advertise a list of supported versions (in Client Hello) or agree on a version (in the Server Hello). This special extension is used precisely due to the existence of "middleboxes" that would choke otherwise.

Be also aware that the final TLS 1.3 version was only recently released as RFC 8446. Even if you have enabled "TLS 1.3" in your web browser, it could be the case that your client only supports an older draft version instead of the final version. In that case, servers which only support the final version will not negotiate TLS 1.3.
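
The version fields and the "supported_versions" extension described in the answer above, as an added example that is not part of the original post: a Python parser run over constructed Client Hello bytes. The function names and sample messages are assumptions for illustration, and the parser assumes the whole Client Hello fits in one record; draft versions are recognised by their 0x7f00 | draft-number encoding.

```python
import struct

def version_name(v):
    names = {0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2", 0x0304: "TLS 1.3"}
    if v >> 8 == 0x7F:  # pre-RFC 8446 drafts were encoded as 0x7f00 | draft number
        return "TLS 1.3 draft %d" % (v & 0xFF)
    return names.get(v, "unknown 0x%04x" % v)

def build_client_hello(record_version, versions):
    """Constructed sample Client Hello (not a capture): one cipher suite, zeroed random."""
    sv = b"".join(struct.pack("!H", v) for v in versions)
    ext = struct.pack("!HHB", 0x002B, len(sv) + 1, len(sv)) + sv if versions else b""
    body = (struct.pack("!H", 0x0303) + bytes(32) + b"\x00"  # hello version, random, session_id
            + struct.pack("!HH", 2, 0x1301) + b"\x01\x00"    # cipher suites, compression
            + struct.pack("!H", len(ext)) + ext)             # extensions block
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return struct.pack("!BHH", 0x16, record_version, len(hs)) + hs

def parse_client_hello(data):
    """Return (record_version, hello_version, supported_versions list)."""
    if (len(data) < 9 or data[0] != 0x16 or data[5] != 0x01
            or len(data) < 5 + int.from_bytes(data[3:5], "big")):
        raise ValueError("not a complete Client Hello record")
    rec_ver, rec_len = struct.unpack_from("!HH", data, 1)
    body = data[9:5 + rec_len]          # skip record header (5) and handshake header (4)
    hello_ver = struct.unpack_from("!H", body, 0)[0]
    pos = 34                            # hello version (2) + random (32)
    pos += 1 + body[pos]                # session_id
    pos += 2 + struct.unpack_from("!H", body, pos)[0]  # cipher_suites
    pos += 1 + body[pos]                # compression_methods
    offered = []
    if pos + 2 <= len(body):
        end = pos + 2 + struct.unpack_from("!H", body, pos)[0]
        pos += 2
        while pos + 4 <= end:
            etype, elen = struct.unpack_from("!HH", body, pos)
            if etype == 0x002B:         # supported_versions: 1-byte list length, 2 bytes each
                count = body[pos + 4] // 2
                offered = list(struct.unpack_from("!%dH" % count, body, pos + 5))
            pos += 4 + elen
    return rec_ver, hello_ver, offered

def summarize(data):
    rec, hello, offered = parse_client_hello(data)
    # Without supported_versions, the hello version is the client's maximum.
    return {"record": version_name(rec), "hello": version_name(hello),
            "offered": [version_name(v) for v in offered] or [version_name(hello)],
            "final_tls13": 0x0304 in offered}
```

A client whose `offered` list contains only a draft entry next to TLS 1.2 is the case from the last paragraph: a server that implements only the final RFC 8446 version will settle on TLS 1.2.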