Ask Your Question
0

Suspicious Activity, TLS mismatch errors, Browser Set to Tls v1.3, seeing v1.0 on SSLLabs

asked 2018-09-13 08:52:47 +0000

duga120 gravatar image

updated 2018-09-13 10:18:18 +0000

grahamb gravatar image

Using a personal internet connection, wired only. I have enabled TLS 1.3 for months now, with ZERO issues. Zero middle box problems. Out of the blue, the other day my dnscrypt server was blocked. DoH fixed the problem for the time it lasted. ERR_SSL_VERSION_INTERFERENCE errors began occurring in Chrome and Firefox today. 7 out of 10 attempts to connect to HTTPS sites results in this error. Though I have enabled only TLS 1.2 and up, ssllabs confirms TLS 1.1, 1.0, and SSL3 are all in use as well. The test does not always show the same results, other times it shows only TLS 1.2, and 1.3 in use. TLS connections are also very slow and often fail over and over, making web use a chore. I'm Canadian. Recently our criminal agencies vowed to pass laws to force backdoors into large software vendors and remove vital internet security mechanisms to erode online safety and privacy. Perhaps this has something to do with their criminal activity. I do not want their dirty bloody hands on my credit card information. I am concerned these kinds of attacks may cause malware and other issues, should the streams be vulnerable to tampering and I feel like these phreaks would break into my online bank account and steal my money. I will keep the parasites in check.

Also, looks like my TLS packets are being modified in transit, for example; Wireshark shows the following

Note TLSV1 Record Layer, TLS 1.0, contains TLS 1.2 version within the handshake protocol. What is going on here? I disabled TLS 1.0 in Chrome yet this still gets through. Interestingly "Pale Moon" doesn't result in cipher depreciation. Any idea what is taking place?

Frame 23482: 571 bytes on wire (4568 bits), 571 bytes captured (4568 bits) on interface 0
Internet Protocol Version 4, Src: 192.168.50.241 (192.168.50.241), Dst: 173.194.152.121 (173.194.152.121)
Transmission Control Protocol, Src Port: 50941 (50941), Dst Port: https (443), Seq: 1, Ack: 1, Len: 517
Secure Sockets Layer
    TLSv1 Record Layer: Handshake Protocol: Client Hello
        Content Type: Handshake (22)
        Version: TLS 1.0 (0x0301)
        Length: 512
        Handshake Protocol: Client Hello
            Handshake Type: Client Hello (1)
            Length: 508
            Version: TLS 1.2 (0x0303)
            Random: db373b22e4ed92614a1c8da5cc8a82e96645f383a9fc2c33...
            Session ID Length: 32
            Session ID: 5e189d6737643c7881af28c7725596ca5466ec8f4fdd8140...
            Cipher Suites Length: 24
            Cipher Suites (12 suites)
            Compression Methods Length: 1
            Compression Methods (1 method)
            Extensions Length: 411
            Extension: Reserved (GREASE) (len=0)
            Extension: renegotiation_info (len=1)
            Extension: server_name (len=37)
            Extension: extended_master_secret (len=0)
            Extension: SessionTicket TLS (len=0)
            Extension: signature_algorithms (len=20)
            Extension: status_request (len=5)
            Extension: signed_certificate_timestamp (len=0)
            Extension: application_layer_protocol_negotiation (len=14)
            Extension: ec_point_formats (len=2)
            Extension: key_share (len=43)
            Extension: psk_key_exchange_modes (len=2)
            Extension: supported_versions (len=7)
            Extension: supported_groups (len=10)
            Extension: Unknown type 27 (len=3)
            Extension: Reserved (GREASE) (len=1)
            Extension: padding (len=198)
edit retag flag offensive close merge delete

Comments

As you can see after setting the flag, min TLS1.2 this is the result from ssllabs:

image description

duga120 gravatar imageduga120 ( 2018-09-13 11:25:56 +0000 )edit
add a comment

1 Answer

Sort by ยป oldest newest most voted
2

answered 2018-09-18 17:01:38 +0000

Lekensteyn gravatar image

updated 2018-10-12 12:02:57 +0000

The TLS Client Hello (and Server Hello) have three version fields with the following meanings until TLS 1.2:

  • Record version: the minimum supported TLS version: TLS 1.0.
  • Handshake messages:
    • Client Hello: the maximum supported TLS version (TLS 1.2) by the client.
    • Server Hello: the actual agreed TLS version (as selected by the server).

If the server does not support the version, it does not send a Server Hello message but a fatal alert message following by connection closure. (Some broken servers do not even send this alert message and just send a TCP reset instead.)

Since TLS 1.3, the Record version MUST be set to "TLS 1.2" (0x0303) but MAY be set to "TLS 1.0" (0x0301) for compatibility purposes. Even if a lower "minimum version" is advertised, the client or server might decide to abort the connection anyway if it deems that the parameters (version, cipher, certificate, etc.) are unacceptable.

Furthermore, to negotiate TLS 1.3, neither version field in the Client/Server Hello message is used (both MUST be set to "TLS 1.2"). Instead, the "supported_versions" TLS extension is used to advertise a list of supported versions (in Client Hello) or agree on a version (in the Server Hello). This special extension is used precisely due to the existence of "middleboxes" that would choke otherwise.

Be also aware that the final TLS 1.3 version was only recently released as RFC 8446. Even if you have enabled "TLS 1.3" in your web browser, it could be the case that your client only supports an older draft version instead of the final version. In that case, servers which only support the final version will not negotiate TLS 1.3.

edit flag offensive delete link more
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2018-09-13 08:52:47 +0000

Seen: 5,250 times

Last updated: Oct 12 '18

Related questions

My TLS client initiate an unexpected ClientHello to a domain

What is this protocl version sent in the TLS supported_versions extension?

How to identify which value is the ECDHE group (g).

How to get TLSv1.2 to decode

How to verify what protocol was used in an encrypted file transfer?

SSL/TLS Handshake Immediately Fails

Can't capture TLS certificate

How can I extract parameters from pcap

Does Wireshark support TLS 1.3?

How can I decode TLS that uses DH?

Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.
about | faq | help | privacy policy | terms of service
Powered by Askbot version 0.10.2