Ask Your Question
0

Suspicious Activity, TLS mismatch errors, Browser Set to Tls v1.3, seeing v1.0 on SSLLabs

asked 2018-09-13 08:52:47 +0000

duga120 gravatar image

updated 2018-09-13 10:18:18 +0000

grahamb gravatar image

Using a personal internet connection, wired only. I have enabled TLS 1.3 for months now, with ZERO issues. Zero middle box problems. Out of the blue, the other day my dnscrypt server was blocked. DoH fixed the problem for the time it lasted. ERR_SSL_VERSION_INTERFERENCE errors began occurring in Chrome and Firefox today. 7 out of 10 attempts to connect to HTTPS sites results in this error. Though I have enabled only TLS 1.2 and up, ssllabs confirms TLS 1.1, 1.0, and SSL3 are all in use as well. The test does not always show the same results, other times it shows only TLS 1.2, and 1.3 in use. TLS connections are also very slow and often fail over and over, making web use a chore. I'm Canadian. Recently our criminal agencies vowed to pass laws to force backdoors into large software vendors and remove vital internet security mechanisms to erode online safety and privacy. Perhaps this has something to do with their criminal activity. I do not want their dirty bloody hands on my credit card information. I am concerned these kinds of attacks may cause malware and other issues, should the streams be vulnerable to tampering and I feel like these phreaks would break into my online bank account and steal my money. I will keep the parasites in check.

Also, looks like my TLS packets are being modified in transit, for example; Wireshark shows the following

Note TLSV1 Record Layer, TLS 1.0, contains TLS 1.2 version within the handshake protocol. What is going on here? I disabled TLS 1.0 in Chrome yet this still gets through. Interestingly "Pale Moon" doesn't result in cipher depreciation. Any idea what is taking place?

Frame 23482: 571 bytes on wire (4568 bits), 571 bytes captured (4568 bits) on interface 0
Internet Protocol Version 4, Src: 192.168.50.241 (192.168.50.241), Dst: 173.194.152.121 (173.194.152.121)
Transmission Control Protocol, Src Port: 50941 (50941), Dst Port: https (443), Seq: 1, Ack: 1, Len: 517
Secure Sockets Layer
    TLSv1 Record Layer: Handshake Protocol: Client Hello
        Content Type: Handshake (22)
        Version: TLS 1.0 (0x0301)
        Length: 512
        Handshake Protocol: Client Hello
            Handshake Type: Client Hello (1)
            Length: 508
            Version: TLS 1.2 (0x0303)
            Random: db373b22e4ed92614a1c8da5cc8a82e96645f383a9fc2c33...
            Session ID Length: 32
            Session ID: 5e189d6737643c7881af28c7725596ca5466ec8f4fdd8140...
            Cipher Suites Length: 24
            Cipher Suites (12 suites)
            Compression Methods Length: 1
            Compression Methods (1 method)
            Extensions Length: 411
            Extension: Reserved (GREASE) (len=0)
            Extension: renegotiation_info (len=1)
            Extension: server_name (len=37)
            Extension: extended_master_secret (len=0)
            Extension: SessionTicket TLS (len=0)
            Extension: signature_algorithms (len=20)
            Extension: status_request (len=5)
            Extension: signed_certificate_timestamp (len=0)
            Extension: application_layer_protocol_negotiation (len=14)
            Extension: ec_point_formats (len=2)
            Extension: key_share (len=43)
            Extension: psk_key_exchange_modes (len=2)
            Extension: supported_versions (len=7)
            Extension: supported_groups (len=10)
            Extension: Unknown type 27 (len=3)
            Extension: Reserved (GREASE) (len=1)
            Extension: padding (len=198)
edit retag flag offensive close merge delete

Comments

As you can see after setting the flag, min TLS1.2 this is the result from ssllabs:

image description

duga120 gravatar imageduga120 ( 2018-09-13 11:25:56 +0000 )edit

1 Answer

Sort by ยป oldest newest most voted
2

answered 2018-09-18 17:01:38 +0000

Lekensteyn gravatar image

updated 2018-10-12 12:02:57 +0000

The TLS Client Hello (and Server Hello) have three version fields with the following meanings until TLS 1.2:

  • Record version: the minimum supported TLS version: TLS 1.0.
  • Handshake messages:
    • Client Hello: the maximum supported TLS version (TLS 1.2) by the client.
    • Server Hello: the actual agreed TLS version (as selected by the server).

If the server does not support the version, it does not send a Server Hello message but a fatal alert message following by connection closure. (Some broken servers do not even send this alert message and just send a TCP reset instead.)

Since TLS 1.3, the Record version MUST be set to "TLS 1.2" (0x0303) but MAY be set to "TLS 1.0" (0x0301) for compatibility purposes. Even if a lower "minimum version" is advertised, the client or server might decide to abort the connection anyway if it deems that the parameters (version, cipher, certificate, etc.) are unacceptable.

Furthermore, to negotiate TLS 1.3, neither version field in the Client/Server Hello message is used (both MUST be set to "TLS 1.2"). Instead, the "supported_versions" TLS extension is used to advertise a list of supported versions (in Client Hello) or agree on a version (in the Server Hello). This special extension is used precisely due to the existence of "middleboxes" that would choke otherwise.

Be also aware that the final TLS 1.3 version was only recently released as RFC 8446. Even if you have enabled "TLS 1.3" in your web browser, it could be the case that your client only supports an older draft version instead of the final version. In that case, servers which only support the final version will not negotiate TLS 1.3.

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2018-09-13 08:52:47 +0000

Seen: 5,755 times

Last updated: Oct 12 '18