Where can I find the TLS version that is being sent from the client through the ClientHello to the server? [closed]

asked 2018-10-02 14:23:47 +0000

anonymous user


I am a bit confused where exactly to get the TLS version value that is sent in the ClientHello from? Wireshark has three places where versions appear, and they are not unified in a single handshake.

There is a version under the the "record", under the "handshake", and one in the "Protocol" in the view. I strongly believe that the handshake version is the one being negotiated. However, which version is the one that appears in the "Protocol" column in the view? What affects this value? Also what does affect the version in the "record"?

edit retag flag offensive reopen merge delete

Closed for the following reason duplicate question by Lekensteyn
close date 2018-10-12 11:58:22.868825


See the answer by @Lekensteyn to this question.

grahamb gravatar imagegrahamb ( 2018-10-02 14:32:21 +0000 )edit

This is different than my question. I am talking about TLSv1.2 and below. My client does not support TLSv1.3.

anon gravatar imageanon ( 2018-10-02 14:45:22 +0000 )edit

The first part of the answer discusses the version values used for TLS 1.2 and earlier.

grahamb gravatar imagegrahamb ( 2018-10-02 15:24:43 +0000 )edit

This question is answered by the question linked by Graham.

Lekensteyn gravatar imageLekensteyn ( 2018-10-12 11:59:01 +0000 )edit