Suspicious Activity, TLS mismatch errors, Browser Set to Tls v1.3, seeing v1.0 on SSLLabs
Using a personal internet connection, wired only. I have enabled TLS 1.3 for months now, with ZERO issues. Zero middle box problems. Out of the blue, the other day my dnscrypt server was blocked. DoH fixed the problem for the time it lasted. ERR_SSL_VERSION_INTERFERENCE errors began occurring in Chrome and Firefox today. 7 out of 10 attempts to connect to HTTPS sites results in this error. Though I have enabled only TLS 1.2 and up, ssllabs confirms TLS 1.1, 1.0, and SSL3 are all in use as well. The test does not always show the same results, other times it shows only TLS 1.2, and 1.3 in use. TLS connections are also very slow and often fail over and over, making web use a chore. I'm Canadian. Recently our criminal agencies vowed to pass laws to force backdoors into large software vendors and remove vital internet security mechanisms to erode online safety and privacy. Perhaps this has something to do with their criminal activity. I do not want their dirty bloody hands on my credit card information. I am concerned these kinds of attacks may cause malware and other issues, should the streams be vulnerable to tampering and I feel like these phreaks would break into my online bank account and steal my money. I will keep the parasites in check.
Also, looks like my TLS packets are being modified in transit, for example; Wireshark shows the following
Note TLSV1 Record Layer, TLS 1.0, contains TLS 1.2 version within the handshake protocol. What is going on here? I disabled TLS 1.0 in Chrome yet this still gets through. Interestingly "Pale Moon" doesn't result in cipher depreciation. Any idea what is taking place?
Frame 23482: 571 bytes on wire (4568 bits), 571 bytes captured (4568 bits) on interface 0
Internet Protocol Version 4, Src: 192.168.50.241 (192.168.50.241), Dst: 173.194.152.121 (173.194.152.121)
Transmission Control Protocol, Src Port: 50941 (50941), Dst Port: https (443), Seq: 1, Ack: 1, Len: 517
Secure Sockets Layer
TLSv1 Record Layer: Handshake Protocol: Client Hello
Content Type: Handshake (22)
Version: TLS 1.0 (0x0301)
Length: 512
Handshake Protocol: Client Hello
Handshake Type: Client Hello (1)
Length: 508
Version: TLS 1.2 (0x0303)
Random: db373b22e4ed92614a1c8da5cc8a82e96645f383a9fc2c33...
Session ID Length: 32
Session ID: 5e189d6737643c7881af28c7725596ca5466ec8f4fdd8140...
Cipher Suites Length: 24
Cipher Suites (12 suites)
Compression Methods Length: 1
Compression Methods (1 method)
Extensions Length: 411
Extension: Reserved (GREASE) (len=0)
Extension: renegotiation_info (len=1)
Extension: server_name (len=37)
Extension: extended_master_secret (len=0)
Extension: SessionTicket TLS (len=0)
Extension: signature_algorithms (len=20)
Extension: status_request (len=5)
Extension: signed_certificate_timestamp (len=0)
Extension: application_layer_protocol_negotiation (len=14)
Extension: ec_point_formats (len=2)
Extension: key_share (len=43)
Extension: psk_key_exchange_modes (len=2)
Extension: supported_versions (len=7)
Extension: supported_groups (len=10)
Extension: Unknown type 27 (len=3)
Extension: Reserved (GREASE) (len=1)
Extension: padding (len=198)
As you can see after setting the flag, min TLS1.2 this is the result from ssllabs: