5

I am trying to understand how TLS works. Assuming the I have a java client that uses TLSv1 to communicate to the server which supports TLSv1.2, can the client talk to the server successfully?

When a server supports TLSv1.2, does this mean it is capable of accepting connections which are TLSv1, TLSv1.1 and TLSv1.2 or does it just accept TLSv1.2?

arjunj
  • 153
  • 4

2 Answers2

8

A server generally isn't configured to only support one version. The server can be configured to accept all versions, even lower stuff like SSLv3. During the initial connection between the client and server, they will negotiate and determine the highest protocol version they both support.

That being said, if a server only accepts 1.2 and the client only knows 1.0, they will not be able to negotiate a connection.

multithr3at3d
  • 12,529
  • 3
  • 31
  • 43
  • Thanks for that, so if a server is configured for v1,v1.1 and v1.2 and client is using v1, then they both use v1 to communicate right? – arjunj Nov 11 '15 at 15:45
  • That's correct. – multithr3at3d Nov 11 '15 at 15:50
  • Note that TLS 1.0 is on the way to get deprecated and unsupported. – Z.T. Nov 11 '15 at 16:07
  • Is there a source for this? – arjunj Nov 11 '15 at 16:27
  • @arjunj, [PCI DSS 3.1 disallows TLS 1.0](https://www.pcisecuritystandards.org/documents/Migrating_from_SSL_Early_TLS_Information%20Supplement_v1.pdf) ("early TLS"). While that is only enforced upon entities that handle credit cards, it's both an indication of the way the wind is blowing and a precedent that tends to get followed. – gowenfawr Nov 11 '15 at 17:00
  • @arunj In addition, iOS no longer allows tls v1 or v1.1 connections without an explicit override hardcoded in the app. If you have a choice, use tls v1.2 – Sandy Chapman Nov 11 '15 at 23:03
7

In the protocol, the client sends the maximum version that it supports, then the server chooses. Currently defined versions are 3.0, 3.1, 3.2 and 3.3 (SSL 3.1 is TLS 1.0, SSL 3.2 is TLS 1.1, and SSL 3.3 is TLS 1.2). This method of negotiating the protocol version assumes that the client supports a whole, continuous range of protocol versions, i.e. all versions from the beginning of times up to the one it indicates in its ClientHello. There is no way, in standard SSL/TLS for the client to, for instance, say that it accepts TLS 1.0 and TLS 1.2 but not TLS 1.1.

Since the server merely states which version it will use, then the server is free in its support choices. When a server is "configured to support TLS 1.2", then it means that the server will support that protocol version, but it does not say whether it will support previous versions as well.

Usually, servers that "support TLS 1.2" are also able to use TLS 1.1 and TLS 1.0. Most of them also used to support SSL 3.0 but this support is disappearing because SSL 3.0 has an unfixable protocol flaw. A further trend is to look at TLS 1.0 with some suspicion (mainly due to the BEAST attack, though it does not work anymore) and some servers are beginning to cease to support it as well. Some even reject TLS 1.1 because they tolerate only the "GCM" cipher suites, that do not exist in TLS prior to TLS 1.2.

Community
  • 1
Thomas Pornin
  • 322,884
  • 58
  • 787
  • 955