I am trying to understand the handshake protocol, when we had our ssl debug mode
Question
I am trying to understand the handshake protocol, when we had our ssl debug mode on we saw that the handshake is SSLv3, but the Client Hello as TLSv1.
http-8443-14, READ: SSLv3 Handshake, length = 87 *** ClientHello, TLSv1
What does that mean?
The client sends a SSLv3 ClientHello so that a server who understands only SSLv3 can process that message, and continue with a SSLv3 handshake. But the SSLv3 ClientHello also says "by the way, I know TLSv1, so if you know TLSv1 too, let's do TLSv1 instead of SSLv3."
Please correct if this doesn't make any sense, I am not a networking/IS guy.
Explanation / Answer
This is pretty much correct. The details are laid out in the TLS RFCs, but here's the short version:
TLS messages are sent with several layers; a ClientHello message is sent within a TLSPlaintext Record, which is transported over (usually) TCP. The TLSPlaintext record has a "version" field, which is where the SSLv3 you are seeing comes from. The ClientHello message has a "client_version" field, which is the TLSv1 value reported.
A TLS implementation is supposed to accept any version that starts with "3" (TLSv1 is 3.1, TLSv1.1 is 3.2, etc.). In practice, some servers will fail silently (instead of giving a useful alert) if this version is higher than they can support. So clients usually send either "3.0" (SSLv3) or the minimum version that they can support.
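To make the two version fields concrete, here is an added example (not from the question or the answer above) that builds a minimal TLSPlaintext record carrying a ClientHello, then parses both the record-layer version and the ClientHello client_version back out of the bytes. The sample record is constructed inline; the function names (build_client_hello, parse_client_hello, choose_version) and the cipher suite and random values are hypothetical choices for illustration. choose_version shows the server-side rule the answer describes: treat any 3.x client_version as acceptable and pick the highest version the server supports that is not above it, rather than failing silently.

```python
import struct
from dataclasses import dataclass
from typing import List, Optional, Sequence, Tuple

Version = Tuple[int, int]

# Wire encodings of the version fields: major.minor bytes.
VERSION_NAMES = {
    (3, 0): "SSLv3",
    (3, 1): "TLSv1",
    (3, 2): "TLSv1.1",
    (3, 3): "TLSv1.2",
}


@dataclass
class ClientHelloInfo:
    record_version: Version      # from the TLSPlaintext record header
    client_version: Version      # from the ClientHello body
    cipher_suites: List[int]
    compression_methods: bytes


def build_client_hello(record_version: Version = (3, 0),
                       client_version: Version = (3, 1),
                       cipher_suites: Sequence[int] = (0x002F, 0x0035),
                       random_bytes: bytes = b"\x11" * 32) -> bytes:
    """Constructed sample: a TLSPlaintext handshake record wrapping a ClientHello.
    Defaults reproduce the situation in the question: record layer says 3.0,
    ClientHello says 3.1."""
    body = bytes(client_version) + random_bytes
    body += b"\x00"                                   # session_id length = 0
    suites = b"".join(struct.pack("!H", s) for s in cipher_suites)
    body += struct.pack("!H", len(suites)) + suites   # cipher_suites vector
    body += b"\x01\x00"                               # one compression method: null
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body   # type 1 = ClientHello
    # Record header: content type 0x16 (handshake), version, 2-byte length.
    return b"\x16" + bytes(record_version) + struct.pack("!H", len(handshake)) + handshake


def parse_client_hello(record: bytes) -> ClientHelloInfo:
    """Parse a single TLSPlaintext record containing a ClientHello."""
    if len(record) < 5 or record[0] != 0x16:
        raise ValueError("not a handshake record")
    record_version = (record[1], record[2])
    (rec_len,) = struct.unpack("!H", record[3:5])
    hs = record[5:5 + rec_len]
    if len(hs) != rec_len:
        raise ValueError("truncated record")
    if hs[0] != 0x01:
        raise ValueError("not a ClientHello")
    hs_len = int.from_bytes(hs[1:4], "big")
    body = hs[4:4 + hs_len]
    if len(body) != hs_len or hs_len < 2 + 32 + 1:
        raise ValueError("truncated ClientHello")
    client_version = (body[0], body[1])
    pos = 2 + 32                                      # skip client_version and random
    sid_len = body[pos]
    pos += 1 + sid_len
    (cs_len,) = struct.unpack("!H", body[pos:pos + 2])
    pos += 2
    suites = [struct.unpack("!H", body[i:i + 2])[0] for i in range(pos, pos + cs_len, 2)]
    pos += cs_len
    cm_len = body[pos]
    pos += 1
    comp = body[pos:pos + cm_len]
    return ClientHelloInfo(record_version, client_version, suites, comp)


def version_name(v: Version) -> str:
    return VERSION_NAMES.get(v, "unknown %d.%d" % v)


def choose_version(client_version: Version, supported: Sequence[Version]) -> Optional[Version]:
    """Server-side selection as the answer describes it: any client_version with
    major 3 is acceptable; negotiate the highest supported version that is not
    above what the client offered. None means the server cannot proceed and
    should send an alert rather than fail silently."""
    if client_version[0] != 3:
        return None
    candidates = [v for v in supported if v <= client_version]
    return max(candidates) if candidates else None


def describe(record: bytes) -> str:
    """Render the two versions in the style of the debug line in the question."""
    info = parse_client_hello(record)
    return "READ: %s Handshake, length = %d *** ClientHello, %s" % (
        version_name(info.record_version), len(record) - 5, version_name(info.client_version))


if __name__ == "__main__":
    rec = build_client_hello()
    print(describe(rec))
    print("negotiated:", version_name(choose_version((3, 1), [(3, 0), (3, 1), (3, 3)])))
```

Running it prints a line of the same shape as the one in the question, with the record layer reporting SSLv3 and the ClientHello reporting TLSv1, which is exactly the split the answer describes: two different fields at two different layers.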