Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

asked 2018-09-13 08:52:47 +0000

duga120 gravatar image

Suspicious Activity, TLS mismatch errors, Browser Set to Tls v1.3, seeing v1.0 on SSLLabs

Using a personal internet connection, wired only. I have enabled TLS 1.3 for months now, with ZERO issues. Zero middle box problems. Out of the blue, the other day my dnscrypt server was blocked. DoH fixed the problem for the time it lasted. ERR_SSL_VERSION_INTERFERENCE errors began occurring in Chrome and Firefox today. 7 out of 10 attempts to connect to HTTPS sites results in this error. Though I have enabled only TLS 1.2 and up, ssllabs confirms TLS 1.1, 1.0, and SSL3 are all in use as well. The test does not always show the same results, other times it shows only TLS 1.2, and 1.3 in use. TLS connections are also very slow and often fail over and over, making web use a chore. I'm Canadian. Recently our criminal agencies vowed to pass laws to force backdoors into large software vendors and remove vital internet security mechanisms to erode online safety and privacy. Perhaps this has something to do with their criminal activity. I do not want their dirty bloody hands on my credit card information. I am concerned these kinds of attacks may cause malware and other issues, should the streams be vulnerable to tampering and I feel like these phreaks would break into my online bank account and steal my money. I will keep the parasites in check.

Also, looks like my TLS packets are being modified in transit, for example; Wireshark shows the following

Note TLSV1 Record Layer, TLS 1.0, contains TLS 1.2 version within the handshake protocol. What is going on here? I disabled TLS 1.0 in Chrome yet this still gets through. Interestingly "Pale Moon" doesn't result in cipher depreciation. Any idea what is taking place?

Frame 23482: 571 bytes on wire (4568 bits), 571 bytes captured (4568 bits) on interface 0
Internet Protocol Version 4, Src: 192.168.50.241 (192.168.50.241), Dst: 173.194.152.121 (173.194.152.121)
Transmission Control Protocol, Src Port: 50941 (50941), Dst Port: https (443), Seq: 1, Ack: 1, Len: 517
Secure Sockets Layer
    TLSv1 Record Layer: Handshake Protocol: Client Hello
        Content Type: Handshake (22)
        Version: TLS 1.0 (0x0301)
        Length: 512
        Handshake Protocol: Client Hello
            Handshake Type: Client Hello (1)
            Length: 508
            Version: TLS 1.2 (0x0303)
            Random: db373b22e4ed92614a1c8da5cc8a82e96645f383a9fc2c33...
            Session ID Length: 32
            Session ID: 5e189d6737643c7881af28c7725596ca5466ec8f4fdd8140...
            Cipher Suites Length: 24
            Cipher Suites (12 suites)
            Compression Methods Length: 1
            Compression Methods (1 method)
            Extensions Length: 411
            Extension: Reserved (GREASE) (len=0)
            Extension: renegotiation_info (len=1)
            Extension: server_name (len=37)
            Extension: extended_master_secret (len=0)
            Extension: SessionTicket TLS (len=0)
            Extension: signature_algorithms (len=20)
            Extension: status_request (len=5)
            Extension: signed_certificate_timestamp (len=0)
            Extension: application_layer_protocol_negotiation (len=14)
            Extension: ec_point_formats (len=2)
            Extension: key_share (len=43)
            Extension: psk_key_exchange_modes (len=2)
            Extension: supported_versions (len=7)
            Extension: supported_groups (len=10)
            Extension: Unknown type 27 (len=3)
            Extension: Reserved (GREASE) (len=1)
            Extension: padding (len=198)
click to hide/show revision 2
None

updated 2018-09-13 10:18:18 +0000

grahamb gravatar image

Suspicious Activity, TLS mismatch errors, Browser Set to Tls v1.3, seeing v1.0 on SSLLabs

Using a personal internet connection, wired only. I have enabled TLS 1.3 for months now, with ZERO issues. Zero middle box problems. Out of the blue, the other day my dnscrypt server was blocked. DoH fixed the problem for the time it lasted. ERR_SSL_VERSION_INTERFERENCE errors began occurring in Chrome and Firefox today. 7 out of 10 attempts to connect to HTTPS sites results in this error. Though I have enabled only TLS 1.2 and up, ssllabs confirms TLS 1.1, 1.0, and SSL3 are all in use as well. The test does not always show the same results, other times it shows only TLS 1.2, and 1.3 in use. TLS connections are also very slow and often fail over and over, making web use a chore. I'm Canadian. Recently our criminal agencies vowed to pass laws to force backdoors into large software vendors and remove vital internet security mechanisms to erode online safety and privacy. Perhaps this has something to do with their criminal activity. I do not want their dirty bloody hands on my credit card information. I am concerned these kinds of attacks may cause malware and other issues, should the streams be vulnerable to tampering and I feel like these phreaks would break into my online bank account and steal my money. I will keep the parasites in check.

Also, looks like my TLS packets are being modified in transit, for example; Wireshark shows the following

Note TLSV1 Record Layer, TLS 1.0, contains TLS 1.2 version within the handshake protocol. What is going on here? I disabled TLS 1.0 in Chrome yet this still gets through. Interestingly "Pale Moon" doesn't result in cipher depreciation. Any idea what is taking place?

Frame 23482: 571 bytes on wire (4568 bits), 571 bytes captured (4568 bits) on interface 0
Internet Protocol Version 4, Src: 192.168.50.241 (192.168.50.241), Dst: 173.194.152.121 (173.194.152.121)
Transmission Control Protocol, Src Port: 50941 (50941), Dst Port: https (443), Seq: 1, Ack: 1, Len: 517
Secure Sockets Layer
    TLSv1 Record Layer: Handshake Protocol: Client Hello
        Content Type: Handshake (22)
        Version: TLS 1.0 (0x0301)
        Length: 512
        Handshake Protocol: Client Hello
            Handshake Type: Client Hello (1)
            Length: 508
            Version: TLS 1.2 (0x0303)
            Random: db373b22e4ed92614a1c8da5cc8a82e96645f383a9fc2c33...
            Session ID Length: 32
            Session ID: 5e189d6737643c7881af28c7725596ca5466ec8f4fdd8140...
            Cipher Suites Length: 24
            Cipher Suites (12 suites)
            Compression Methods Length: 1
            Compression Methods (1 method)
            Extensions Length: 411
            Extension: Reserved (GREASE) (len=0)
            Extension: renegotiation_info (len=1)
            Extension: server_name (len=37)
            Extension: extended_master_secret (len=0)
            Extension: SessionTicket TLS (len=0)
            Extension: signature_algorithms (len=20)
            Extension: status_request (len=5)
            Extension: signed_certificate_timestamp (len=0)
            Extension: application_layer_protocol_negotiation (len=14)
            Extension: ec_point_formats (len=2)
            Extension: key_share (len=43)
            Extension: psk_key_exchange_modes (len=2)
            Extension: supported_versions (len=7)
            Extension: supported_groups (len=10)
            Extension: Unknown type 27 (len=3)
            Extension: Reserved (GREASE) (len=1)
            Extension: padding (len=198)
Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.
about | faq | help | privacy policy | terms of service
Powered by Askbot version 0.10.2