
I found this question: SSLv3 HandShake but TLSv1 client hello

However, my situation is opposite: SSLv2 client hello then TLSv1 handshake. Can you please explain this for me? I use Wireshark to capture the connections on my Mac.

Wireshark

Details SSL

UPDATE: Add SSL details picture.

nxh
  • Your question is similar, not "opposite": #83189 is SSL3-record containing ClientHello up to TLS1.0, yours is SSL2-record containing ClientHello up to *at least* TLS1.0. Although you are *displaying* it with a different tool, and thus in a different format. – dave_thompson_085 Jan 15 '16 at 21:47

1 Answer

The ClientHello message determines what methods of SSL/TLS are supported by the machine, which can include TLSv1 (encoded as SSLv3.1), so after the ClientHello message the machines determined that TLSv1 would be the protocol to use and started the handshake process for TLS.

sethmlarson
  • In the other question, @Thomas Pornin said: "In the ClientHello message, the client announces its 'maximum supported version'." Is this wrong in my case? – nxh Jan 15 '16 at 15:58
  • No that's exactly what it's doing. It announces the maximum supported version and then given that information the respondent chooses the highest supported version that is shared between the two peers. – sethmlarson Jan 15 '16 at 16:01
  • In particular if you (OP) select the ClientHello frame and expand it in Wireshark's Details pane, you will see `[Version: 2.0]` (brackets because version is implicit in SSL2 format) then `Length` then `Handshake Message Type: Client Hello` **then** `Version: (TLS1.0 or higher)` which is the offered maximum version **in** the message. Although it would be best to find whatever sw is doing this and update or configure it to request at least SSL3 **in SSL3 format**, because some important newer TLS capabilities (particularly ECC and SNI) can't be offered in SSL2 format. – dave_thompson_085 Jan 15 '16 at 21:55
  • Thanks Dave, you are right. The information is really helpful. I will update my question with the details from Wireshark. Btw, can you please explain further on "[Version: 2.0] brackets because version is implicit in SSL2 format"? – nxh Jan 16 '16 at 05:25
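
The distinction discussed in this thread, between the framing a ClientHello arrives in and the maximum version offered inside it, can be checked directly on the captured bytes. The following Python sketch is an added example, not part of the original question, answer or comments; the function names and both sample byte strings are constructed for illustration.

```python
import struct

NAMES = {(3, 0): "SSL 3.0", (3, 1): "TLS 1.0", (3, 2): "TLS 1.1", (3, 3): "TLS 1.2"}

def version_name(major, minor):
    return NAMES.get((major, minor), f"{major}.{minor}")

def classify_client_hello(data):
    """Report the record framing and the maximum version offered inside it."""
    if len(data) < 11:
        raise ValueError("too short for a ClientHello")
    if data[0] == 22 and data[1] == 3:
        # SSL3/TLS framing: type(1) version(2) length(2), then the handshake
        # header type(1) length(3), then client_version(2).
        if data[5] != 1:
            raise ValueError("handshake message is not a ClientHello")
        return {"framing": "SSL3/TLS record",
                "record_version": version_name(data[1], data[2]),
                "offered_max": version_name(data[9], data[10]),
                "extensions_possible": True}
    if data[0] & 0x80 and data[2] == 1:
        # SSL2 framing: 15-bit length (high bit set), msg_type(1) = 1,
        # version(2), then three 16-bit lengths. The header itself carries no
        # version field, so a dissector can only show it as implied.
        msg_len = struct.unpack("!H", data[:2])[0] & 0x7FFF
        cs_len, sid_len, ch_len = struct.unpack("!HHH", data[5:11])
        if cs_len % 3 or 9 + cs_len + sid_len + ch_len != msg_len:
            raise ValueError("inconsistent SSL2 ClientHello lengths")
        if len(data) < 2 + msg_len:
            raise ValueError("truncated SSL2 ClientHello")
        # The message ends after the challenge: there is no extensions block,
        # so SNI and the ECC curve lists cannot be offered in this format.
        return {"framing": "SSL2 record",
                "record_version": "2.0 (implicit)",
                "offered_max": version_name(data[3], data[4]),
                "extensions_possible": False}
    raise ValueError("not a ClientHello in either framing")

# Constructed sample: SSL2-format hello offering TLS 1.0, two 3-byte cipher specs.
SSL2_HELLO = (bytes([0x80, 0x1F, 0x01, 0x03, 0x01]) + struct.pack("!HHH", 6, 0, 16)
              + bytes.fromhex("00002f000005") + bytes(range(16)))
# Constructed sample: TLS 1.0 record carrying a ClientHello that offers TLS 1.2.
TLS_HELLO = (bytes([22, 3, 1]) + struct.pack("!H", 45) + bytes([1, 0, 0, 41, 3, 3])
             + bytes(32) + bytes([0]) + bytes.fromhex("0002002f") + bytes([1, 0]))

if __name__ == "__main__":
    for label, hello in (("ssl2-format", SSL2_HELLO), ("tls-format", TLS_HELLO)):
        print(label, classify_client_hello(hello))
```
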