How do we determine the SSL/TLS version of an HTTP request?

  • We are wanting to configure our Windows client to use only TLS 1.1 and greater. We've learned that we can do this by editing the registry. Now we want to make several HTTPS requests from different applications and check to be sure that they all use TLS 1.1 and above.

    What we have tried is to run Wireshark with (ip.dst == 137.117.17.70) && ssl and with (ip.src == 137.117.17.70) && ssl as the filter and then run a web request from Internet Explorer. The results show this for the Client Hello.

    Secure Sockets Layer
      TLSv1.2 Record Layer: Handshake Protocol: Client Hello
        Version: TLS 1.0   
        Handshake Protocol: Client Hello
          Version: TLS 1.2
    

    And they show this for the Server Hello.

    Secure Sockets Layer
      TLSv1.2 Record Layer: Handshake Protocol: Server Hello
        Version: TLS 1.2
        Handshake Protocol: Server Hello
          Version: TLS 1.2
    

    Secure Sockets Layer

    My sense is that that means we have not successfully turned off the legacy protocol, because the Client Hello initially says 1.0. Is that right?

    Here is a better way of filtering for the Client Hello and Server Hello for a specific IP address.

    (ip.src == 137.117.17.70) && ssl.handshake.type == 1
    (ip.dst == 137.117.17.70) && ssl.handshake.type == 2
    

    For starters, the Registry fixes only work for applications that use SCHANNEL (the built-in SSL/TLS provider for Windows). For the most part, that will just be built-in Windows components and some other Microsoft products. (Internet Explorer & IIS being the most obvious ones.) Many third-party programs will have their own SSL/TLS implementations built-in, which will have to be configured separately.

    That's good to know. The main use case is configuring an ASP.NET application to make requests using TLS 1.1 and greater.

    BTW: Have you tried Fiddler? It's a bit more specialized for web debugging than WireShark. I find it generally easier to use in many situations.

    @Iszi I have tried Fiddler though I did not know that it can detect the SSL/TLS version.

    I don't think I've ever actually tried using it for that particular purpose, but since it can go so far as to intercept & decrypt HTTPS traffic (and in a pretty easy, user-friendly manner no less) I'd think that should be possible. Firebug may or may not also be of use, if you're doing this client-side and have Firefox handy. Also, do make sure both the server *and* client OS & applications are properly configured.

    Nice thing about Firebug is you don't have to install certs for SSL intercept - since it's a MitB instead of MitM, it already has access to the cleartext.

    The first filter should be `ssl.handshake.type == 1` (not 2).

    While you have enough answers on how to snoop the version, this will not actually help. Servers will usually negotiate a higher version if available, regardless of wether a lower version would be allowed. What you want to do is set up a test server that only supports TLS 1.1 and see if your client correctly refuses to connect.

  • You want to look at the "protocol version" in the ServerHello message. Consider this image, shamelessly plundered from the Web and that shows a screenshot of a ServerHello being decoded by Wireshark:

    SSL ServerHello in Wireshark

    There are two "Version: TLS 1.0 (0x0301)" instances in this picture. The first one is from the header of the record that contains the ServerHello. The second one is from the contents of the ServerHello message itself. The second one is the one you are interested in, because it is the way the server informs the client about the protocol version that will be used for this connection.

    So, how do we know what protocol version the client is requesting? Isn't that in the Client Hello?

    In the `ClientHello`, the client sends the maximum version that it supports. Then the server chooses, usually by using the highest version that both client and server support. Note that nowhere in the handshake will you find any indication of how low the client or the server would accept to stoop; that the client says "TLS-1.2" does not mean that the client would have refused to do some TLS-1.0...

    @ShaunLuttin To emphasize, **ClientHello does not tell you the minimum the client will accept**. You must **try connecting to a server that responds with lower protocol versions** and see if the client accepts or aborts. Depending on your undescribed app server(s), it may be easy, difficult or impossible for it to do that. If your client app can do at least one path-only (no query) GET request that accepts a static textual reply, you can use `openssl s_server` with `-WWW` (note uppercase) to serve a static file (or several) under manually specified protocol versions and see which are accepted.

License under CC-BY-SA with attribution


Content dated before 6/26/2020 9:53 AM