What is this protocl version sent in the TLS supported_versions extension?

asked 2020-11-29 17:35:40 +0000

qa gravatar image

Hi, I am inspecting TLS client hello for a simple connection using Chrome Version 85.0.4183.83 (Official Build) (64-bit). There is unexpected version labeled as "unknown" with a strange code number. I know of TLS versions and their numbers are noted in the standard. I looked at the strange version number and could not figure it out. Can anyone help me identify what is this unknown version number for? Does Chrome do this for any purpose?

This is the version:

Supported Version: Unknown (0x3a3a)

See this screenshot: https://i.imgur.com/NT70mRg.png

edit retag flag offensive close merge delete


draft-ietf-tls-grease-01 - "This document describes GREASE (Generate Random Extensions And Sustain Extensibility), a mechanism to prevent extensibility failures in the TLS ecosystem."

What version of Wireshark are you running?

Chuckc gravatar imageChuckc ( 2020-11-29 17:51:20 +0000 )edit

Wireshark version: Version 2.6.10 (Git v2.6.10 packaged as 2.6.10-1~ubuntu18.04.0) Why? Is there anything related to the Wireshark version?

qa gravatar imageqa ( 2020-11-29 18:21:16 +0000 )edit

Support for GREASE was added several years ago.
TLS: Add Reserved Extension type from GREASE
Can you open your capture with a newer version of Wireshark (maybe on a different machine) to verify the decode works now? If that works then building a newer version on Ubuntu might help.

Chuckc gravatar imageChuckc ( 2020-11-29 18:50:20 +0000 )edit