Why does Wireshark show Version TLS 1.2 here instead of TLS 1.3?
I'm accessing TLS 1.3 test server "https://tls13.pinterjann.is" via a java http client using TLS 1.3. Everything seems to work fine as the html response indicates:
What I don't understand: Why does Wireshark show in the overview Protocol TLSv1.3 but in the details Version TLS 1.2?
Is Wireshark just displaying the wrong Version or am I actually using TLS 1.2?
Thanks in advance for your support.
wireshark
New contributor
|
show 1 more comment
I'm accessing TLS 1.3 test server "https://tls13.pinterjann.is" via a java http client using TLS 1.3. Everything seems to work fine as the html response indicates:
What I don't understand: Why does Wireshark show in the overview Protocol TLSv1.3 but in the details Version TLS 1.2?
Is Wireshark just displaying the wrong Version or am I actually using TLS 1.2?
Thanks in advance for your support.
wireshark
New contributor
Is your copy of Wireshark up to date?
– Jesse P.
2 hours ago
Yes, I'm using Wireshark version 2.6.5.
– user120513
2 hours ago
Interestingly enough, it said 1.3 on one line but then said 1.0 on another, then 1.2 on yet another. Have you tried a different capture utility, such as Fiddler?
– Jesse P.
2 hours ago
No I didn't try another capture tool. Does Fiddler support displaying TLS 1.3 messages?
– user120513
2 hours ago
BTW: I found this capture cloudshark.org/captures/64d433b1585a on the internet, where the same thing happens. I guess it's an inaccurracy in the way Wireshark displays the version in the detail section.
– user120513
2 hours ago
|
show 1 more comment
I'm accessing TLS 1.3 test server "https://tls13.pinterjann.is" via a java http client using TLS 1.3. Everything seems to work fine as the html response indicates:
What I don't understand: Why does Wireshark show in the overview Protocol TLSv1.3 but in the details Version TLS 1.2?
Is Wireshark just displaying the wrong Version or am I actually using TLS 1.2?
Thanks in advance for your support.
wireshark
New contributor
I'm accessing TLS 1.3 test server "https://tls13.pinterjann.is" via a java http client using TLS 1.3. Everything seems to work fine as the html response indicates:
What I don't understand: Why does Wireshark show in the overview Protocol TLSv1.3 but in the details Version TLS 1.2?
Is Wireshark just displaying the wrong Version or am I actually using TLS 1.2?
Thanks in advance for your support.
wireshark
wireshark
New contributor
New contributor
New contributor
asked 5 hours ago
user120513
262
262
New contributor
New contributor
Is your copy of Wireshark up to date?
– Jesse P.
2 hours ago
Yes, I'm using Wireshark version 2.6.5.
– user120513
2 hours ago
Interestingly enough, it said 1.3 on one line but then said 1.0 on another, then 1.2 on yet another. Have you tried a different capture utility, such as Fiddler?
– Jesse P.
2 hours ago
No I didn't try another capture tool. Does Fiddler support displaying TLS 1.3 messages?
– user120513
2 hours ago
BTW: I found this capture cloudshark.org/captures/64d433b1585a on the internet, where the same thing happens. I guess it's an inaccurracy in the way Wireshark displays the version in the detail section.
– user120513
2 hours ago
|
show 1 more comment
Is your copy of Wireshark up to date?
– Jesse P.
2 hours ago
Yes, I'm using Wireshark version 2.6.5.
– user120513
2 hours ago
Interestingly enough, it said 1.3 on one line but then said 1.0 on another, then 1.2 on yet another. Have you tried a different capture utility, such as Fiddler?
– Jesse P.
2 hours ago
No I didn't try another capture tool. Does Fiddler support displaying TLS 1.3 messages?
– user120513
2 hours ago
BTW: I found this capture cloudshark.org/captures/64d433b1585a on the internet, where the same thing happens. I guess it's an inaccurracy in the way Wireshark displays the version in the detail section.
– user120513
2 hours ago
Is your copy of Wireshark up to date?
– Jesse P.
2 hours ago
Is your copy of Wireshark up to date?
– Jesse P.
2 hours ago
Yes, I'm using Wireshark version 2.6.5.
– user120513
2 hours ago
Yes, I'm using Wireshark version 2.6.5.
– user120513
2 hours ago
Interestingly enough, it said 1.3 on one line but then said 1.0 on another, then 1.2 on yet another. Have you tried a different capture utility, such as Fiddler?
– Jesse P.
2 hours ago
Interestingly enough, it said 1.3 on one line but then said 1.0 on another, then 1.2 on yet another. Have you tried a different capture utility, such as Fiddler?
– Jesse P.
2 hours ago
No I didn't try another capture tool. Does Fiddler support displaying TLS 1.3 messages?
– user120513
2 hours ago
No I didn't try another capture tool. Does Fiddler support displaying TLS 1.3 messages?
– user120513
2 hours ago
BTW: I found this capture cloudshark.org/captures/64d433b1585a on the internet, where the same thing happens. I guess it's an inaccurracy in the way Wireshark displays the version in the detail section.
– user120513
2 hours ago
BTW: I found this capture cloudshark.org/captures/64d433b1585a on the internet, where the same thing happens. I guess it's an inaccurracy in the way Wireshark displays the version in the detail section.
– user120513
2 hours ago
|
show 1 more comment
1 Answer
1
active
oldest
votes
Sorry, for the confusion, I was missing the exact TLS 1.3 semantics: For instance, in the Client Hello, the field "version" must contain the fixed value 0x0303 (TLS 1.2), while the prefered version is contained in the extension "supported versions".
From RFC 8446 (TLS 1.3 spec):
struct {
ProtocolVersion legacy_version = 0x0303; /* TLS v1.2 */
Random random;
opaque legacy_session_id<0..32>;
CipherSuite cipher_suites<2..2^16-2>;
opaque legacy_compression_methods<1..2^8-1>;
Extension extensions<8..2^16-1>;
} ClientHello;
legacy_version: In previous versions of TLS, this field was used for
version negotiation and represented the highest version number
supported by the client. Experience has shown that many servers
do not properly implement version negotiation, leading to "version
intolerance" in which the server rejects an otherwise acceptable
ClientHello with a version number higher than it supports. In
TLS 1.3, the client indicates its version preferences in the
"supported_versions" extension (Section 4.2.1) and the
legacy_version field MUST be set to 0x0303, which is the version
number for TLS 1.2. TLS 1.3 ClientHellos are identified as having
a legacy_version of 0x0303 and a supported_versions extension
present with 0x0304 as the highest version indicated therein.
(See Appendix D for details about backward compatibility.)
This agrees with what Wireshark displays:
New contributor
1
Nice find. Congrats.
– Jesse P.
34 mins ago
add a comment |
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "496"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
noCode: true, onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
user120513 is a new contributor. Be nice, and check out our Code of Conduct.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fnetworkengineering.stackexchange.com%2fquestions%2f55752%2fwhy-does-wireshark-show-version-tls-1-2-here-instead-of-tls-1-3%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
Sorry, for the confusion, I was missing the exact TLS 1.3 semantics: For instance, in the Client Hello, the field "version" must contain the fixed value 0x0303 (TLS 1.2), while the prefered version is contained in the extension "supported versions".
From RFC 8446 (TLS 1.3 spec):
struct {
ProtocolVersion legacy_version = 0x0303; /* TLS v1.2 */
Random random;
opaque legacy_session_id<0..32>;
CipherSuite cipher_suites<2..2^16-2>;
opaque legacy_compression_methods<1..2^8-1>;
Extension extensions<8..2^16-1>;
} ClientHello;
legacy_version: In previous versions of TLS, this field was used for
version negotiation and represented the highest version number
supported by the client. Experience has shown that many servers
do not properly implement version negotiation, leading to "version
intolerance" in which the server rejects an otherwise acceptable
ClientHello with a version number higher than it supports. In
TLS 1.3, the client indicates its version preferences in the
"supported_versions" extension (Section 4.2.1) and the
legacy_version field MUST be set to 0x0303, which is the version
number for TLS 1.2. TLS 1.3 ClientHellos are identified as having
a legacy_version of 0x0303 and a supported_versions extension
present with 0x0304 as the highest version indicated therein.
(See Appendix D for details about backward compatibility.)
This agrees with what Wireshark displays:
New contributor
1
Nice find. Congrats.
– Jesse P.
34 mins ago
add a comment |
Sorry, for the confusion, I was missing the exact TLS 1.3 semantics: For instance, in the Client Hello, the field "version" must contain the fixed value 0x0303 (TLS 1.2), while the prefered version is contained in the extension "supported versions".
From RFC 8446 (TLS 1.3 spec):
struct {
ProtocolVersion legacy_version = 0x0303; /* TLS v1.2 */
Random random;
opaque legacy_session_id<0..32>;
CipherSuite cipher_suites<2..2^16-2>;
opaque legacy_compression_methods<1..2^8-1>;
Extension extensions<8..2^16-1>;
} ClientHello;
legacy_version: In previous versions of TLS, this field was used for
version negotiation and represented the highest version number
supported by the client. Experience has shown that many servers
do not properly implement version negotiation, leading to "version
intolerance" in which the server rejects an otherwise acceptable
ClientHello with a version number higher than it supports. In
TLS 1.3, the client indicates its version preferences in the
"supported_versions" extension (Section 4.2.1) and the
legacy_version field MUST be set to 0x0303, which is the version
number for TLS 1.2. TLS 1.3 ClientHellos are identified as having
a legacy_version of 0x0303 and a supported_versions extension
present with 0x0304 as the highest version indicated therein.
(See Appendix D for details about backward compatibility.)
This agrees with what Wireshark displays:
New contributor
1
Nice find. Congrats.
– Jesse P.
34 mins ago
add a comment |
Sorry, for the confusion, I was missing the exact TLS 1.3 semantics: For instance, in the Client Hello, the field "version" must contain the fixed value 0x0303 (TLS 1.2), while the prefered version is contained in the extension "supported versions".
From RFC 8446 (TLS 1.3 spec):
struct {
ProtocolVersion legacy_version = 0x0303; /* TLS v1.2 */
Random random;
opaque legacy_session_id<0..32>;
CipherSuite cipher_suites<2..2^16-2>;
opaque legacy_compression_methods<1..2^8-1>;
Extension extensions<8..2^16-1>;
} ClientHello;
legacy_version: In previous versions of TLS, this field was used for
version negotiation and represented the highest version number
supported by the client. Experience has shown that many servers
do not properly implement version negotiation, leading to "version
intolerance" in which the server rejects an otherwise acceptable
ClientHello with a version number higher than it supports. In
TLS 1.3, the client indicates its version preferences in the
"supported_versions" extension (Section 4.2.1) and the
legacy_version field MUST be set to 0x0303, which is the version
number for TLS 1.2. TLS 1.3 ClientHellos are identified as having
a legacy_version of 0x0303 and a supported_versions extension
present with 0x0304 as the highest version indicated therein.
(See Appendix D for details about backward compatibility.)
This agrees with what Wireshark displays:
New contributor
Sorry, for the confusion, I was missing the exact TLS 1.3 semantics: For instance, in the Client Hello, the field "version" must contain the fixed value 0x0303 (TLS 1.2), while the prefered version is contained in the extension "supported versions".
From RFC 8446 (TLS 1.3 spec):
struct {
ProtocolVersion legacy_version = 0x0303; /* TLS v1.2 */
Random random;
opaque legacy_session_id<0..32>;
CipherSuite cipher_suites<2..2^16-2>;
opaque legacy_compression_methods<1..2^8-1>;
Extension extensions<8..2^16-1>;
} ClientHello;
legacy_version: In previous versions of TLS, this field was used for
version negotiation and represented the highest version number
supported by the client. Experience has shown that many servers
do not properly implement version negotiation, leading to "version
intolerance" in which the server rejects an otherwise acceptable
ClientHello with a version number higher than it supports. In
TLS 1.3, the client indicates its version preferences in the
"supported_versions" extension (Section 4.2.1) and the
legacy_version field MUST be set to 0x0303, which is the version
number for TLS 1.2. TLS 1.3 ClientHellos are identified as having
a legacy_version of 0x0303 and a supported_versions extension
present with 0x0304 as the highest version indicated therein.
(See Appendix D for details about backward compatibility.)
This agrees with what Wireshark displays:
New contributor
New contributor
answered 1 hour ago
user120513
262
262
New contributor
New contributor
1
Nice find. Congrats.
– Jesse P.
34 mins ago
add a comment |
1
Nice find. Congrats.
– Jesse P.
34 mins ago
1
1
Nice find. Congrats.
– Jesse P.
34 mins ago
Nice find. Congrats.
– Jesse P.
34 mins ago
add a comment |
user120513 is a new contributor. Be nice, and check out our Code of Conduct.
user120513 is a new contributor. Be nice, and check out our Code of Conduct.
user120513 is a new contributor. Be nice, and check out our Code of Conduct.
user120513 is a new contributor. Be nice, and check out our Code of Conduct.
Thanks for contributing an answer to Network Engineering Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Some of your past answers have not been well-received, and you're in danger of being blocked from answering.
Please pay close attention to the following guidance:
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fnetworkengineering.stackexchange.com%2fquestions%2f55752%2fwhy-does-wireshark-show-version-tls-1-2-here-instead-of-tls-1-3%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Is your copy of Wireshark up to date?
– Jesse P.
2 hours ago
Yes, I'm using Wireshark version 2.6.5.
– user120513
2 hours ago
Interestingly enough, it said 1.3 on one line but then said 1.0 on another, then 1.2 on yet another. Have you tried a different capture utility, such as Fiddler?
– Jesse P.
2 hours ago
No I didn't try another capture tool. Does Fiddler support displaying TLS 1.3 messages?
– user120513
2 hours ago
BTW: I found this capture cloudshark.org/captures/64d433b1585a on the internet, where the same thing happens. I guess it's an inaccurracy in the way Wireshark displays the version in the detail section.
– user120513
2 hours ago