Why does Wireshark show Version TLS 1.2 here instead of TLS 1.3?












1














I'm accessing TLS 1.3 test server "https://tls13.pinterjann.is" via a java http client using TLS 1.3. Everything seems to work fine as the html response indicates:



HTML Response



What I don't understand: Why does Wireshark show in the overview Protocol TLSv1.3 but in the details Version TLS 1.2?



Is Wireshark just displaying the wrong Version or am I actually using TLS 1.2?



Thanks in advance for your support.



Wireshark ClientHelloWireshark HelloRetryWireshark ClientHello 2Wireshark ServerHello






wireshark







share|improve this question







New contributor




user120513 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.




















  • Is your copy of Wireshark up to date?
    – Jesse P.
    2 hours ago










  • Yes, I'm using Wireshark version 2.6.5.
    – user120513
    2 hours ago










  • Interestingly enough, it said 1.3 on one line but then said 1.0 on another, then 1.2 on yet another. Have you tried a different capture utility, such as Fiddler?
    – Jesse P.
    2 hours ago










  • No I didn't try another capture tool. Does Fiddler support displaying TLS 1.3 messages?
    – user120513
    2 hours ago










  • BTW: I found this capture cloudshark.org/captures/64d433b1585a on the internet, where the same thing happens. I guess it's an inaccurracy in the way Wireshark displays the version in the detail section.
    – user120513
    2 hours ago


















1














I'm accessing TLS 1.3 test server "https://tls13.pinterjann.is" via a java http client using TLS 1.3. Everything seems to work fine as the html response indicates:



HTML Response



What I don't understand: Why does Wireshark show in the overview Protocol TLSv1.3 but in the details Version TLS 1.2?



Is Wireshark just displaying the wrong Version or am I actually using TLS 1.2?



Thanks in advance for your support.



Wireshark ClientHelloWireshark HelloRetryWireshark ClientHello 2Wireshark ServerHello






wireshark







share|improve this question







New contributor




user120513 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.




















  • Is your copy of Wireshark up to date?
    – Jesse P.
    2 hours ago










  • Yes, I'm using Wireshark version 2.6.5.
    – user120513
    2 hours ago










  • Interestingly enough, it said 1.3 on one line but then said 1.0 on another, then 1.2 on yet another. Have you tried a different capture utility, such as Fiddler?
    – Jesse P.
    2 hours ago










  • No I didn't try another capture tool. Does Fiddler support displaying TLS 1.3 messages?
    – user120513
    2 hours ago










  • BTW: I found this capture cloudshark.org/captures/64d433b1585a on the internet, where the same thing happens. I guess it's an inaccurracy in the way Wireshark displays the version in the detail section.
    – user120513
    2 hours ago
















1












1








1







I'm accessing TLS 1.3 test server "https://tls13.pinterjann.is" via a java http client using TLS 1.3. Everything seems to work fine as the html response indicates:



HTML Response



What I don't understand: Why does Wireshark show in the overview Protocol TLSv1.3 but in the details Version TLS 1.2?



Is Wireshark just displaying the wrong Version or am I actually using TLS 1.2?



Thanks in advance for your support.



Wireshark ClientHelloWireshark HelloRetryWireshark ClientHello 2Wireshark ServerHello






wireshark







share|improve this question







New contributor




user120513 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.











I'm accessing TLS 1.3 test server "https://tls13.pinterjann.is" via a java http client using TLS 1.3. Everything seems to work fine as the html response indicates:



HTML Response



What I don't understand: Why does Wireshark show in the overview Protocol TLSv1.3 but in the details Version TLS 1.2?



Is Wireshark just displaying the wrong Version or am I actually using TLS 1.2?



Thanks in advance for your support.



Wireshark ClientHelloWireshark HelloRetryWireshark ClientHello 2Wireshark ServerHello






wireshark




wireshark






share|improve this question







New contributor




user120513 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.











share|improve this question







New contributor




user120513 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.









share|improve this question




share|improve this question






New contributor




user120513 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.









asked 5 hours ago









user120513

262




262




New contributor




user120513 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.





New contributor





user120513 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.






user120513 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.












  • Is your copy of Wireshark up to date?
    – Jesse P.
    2 hours ago










  • Yes, I'm using Wireshark version 2.6.5.
    – user120513
    2 hours ago










  • Interestingly enough, it said 1.3 on one line but then said 1.0 on another, then 1.2 on yet another. Have you tried a different capture utility, such as Fiddler?
    – Jesse P.
    2 hours ago










  • No I didn't try another capture tool. Does Fiddler support displaying TLS 1.3 messages?
    – user120513
    2 hours ago










  • BTW: I found this capture cloudshark.org/captures/64d433b1585a on the internet, where the same thing happens. I guess it's an inaccurracy in the way Wireshark displays the version in the detail section.
    – user120513
    2 hours ago




















  • Is your copy of Wireshark up to date?
    – Jesse P.
    2 hours ago










  • Yes, I'm using Wireshark version 2.6.5.
    – user120513
    2 hours ago










  • Interestingly enough, it said 1.3 on one line but then said 1.0 on another, then 1.2 on yet another. Have you tried a different capture utility, such as Fiddler?
    – Jesse P.
    2 hours ago










  • No I didn't try another capture tool. Does Fiddler support displaying TLS 1.3 messages?
    – user120513
    2 hours ago










  • BTW: I found this capture cloudshark.org/captures/64d433b1585a on the internet, where the same thing happens. I guess it's an inaccurracy in the way Wireshark displays the version in the detail section.
    – user120513
    2 hours ago


















Is your copy of Wireshark up to date?
– Jesse P.
2 hours ago




Is your copy of Wireshark up to date?
– Jesse P.
2 hours ago












Yes, I'm using Wireshark version 2.6.5.
– user120513
2 hours ago




Yes, I'm using Wireshark version 2.6.5.
– user120513
2 hours ago












Interestingly enough, it said 1.3 on one line but then said 1.0 on another, then 1.2 on yet another. Have you tried a different capture utility, such as Fiddler?
– Jesse P.
2 hours ago




Interestingly enough, it said 1.3 on one line but then said 1.0 on another, then 1.2 on yet another. Have you tried a different capture utility, such as Fiddler?
– Jesse P.
2 hours ago












No I didn't try another capture tool. Does Fiddler support displaying TLS 1.3 messages?
– user120513
2 hours ago




No I didn't try another capture tool. Does Fiddler support displaying TLS 1.3 messages?
– user120513
2 hours ago












BTW: I found this capture cloudshark.org/captures/64d433b1585a on the internet, where the same thing happens. I guess it's an inaccurracy in the way Wireshark displays the version in the detail section.
– user120513
2 hours ago






BTW: I found this capture cloudshark.org/captures/64d433b1585a on the internet, where the same thing happens. I guess it's an inaccurracy in the way Wireshark displays the version in the detail section.
– user120513
2 hours ago












1 Answer
1






active

oldest

votes


















2














Sorry, for the confusion, I was missing the exact TLS 1.3 semantics: For instance, in the Client Hello, the field "version" must contain the fixed value 0x0303 (TLS 1.2), while the prefered version is contained in the extension "supported versions".



From RFC 8446 (TLS 1.3 spec): 



struct {

      ProtocolVersion legacy_version = 0x0303;    /* TLS v1.2 */

      Random random;

      opaque legacy_session_id<0..32>;

      CipherSuite cipher_suites<2..2^16-2>;

      opaque legacy_compression_methods<1..2^8-1>;

      Extension extensions<8..2^16-1>;

  } ClientHello;



legacy_version: In previous versions of TLS, this field was used for
version negotiation and represented the highest version number
supported by the client. Experience has shown that many servers
do not properly implement version negotiation, leading to "version
intolerance" in which the server rejects an otherwise acceptable
ClientHello with a version number higher than it supports. In
TLS 1.3, the client indicates its version preferences in the
"supported_versions" extension (Section 4.2.1) and the
legacy_version field MUST be set to 0x0303, which is the version
number for TLS 1.2. TLS 1.3 ClientHellos are identified as having
a legacy_version of 0x0303 and a supported_versions extension
present with 0x0304 as the highest version indicated therein.
(See Appendix D for details about backward compatibility.)




This agrees with what Wireshark displays:



Wireshark supported versions






share|improve this answer








New contributor




user120513 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.














  • 1




    Nice find. Congrats.
    – Jesse P.
    46 mins ago











Your Answer








StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "496"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
noCode: true, onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});






user120513 is a new contributor. Be nice, and check out our Code of Conduct.










draft saved

draft discarded


















StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fnetworkengineering.stackexchange.com%2fquestions%2f55752%2fwhy-does-wireshark-show-version-tls-1-2-here-instead-of-tls-1-3%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown

























1 Answer
1






active

oldest

votes








1 Answer
1






active

oldest

votes









active

oldest

votes






active

oldest

votes









2














Sorry, for the confusion, I was missing the exact TLS 1.3 semantics: For instance, in the Client Hello, the field "version" must contain the fixed value 0x0303 (TLS 1.2), while the prefered version is contained in the extension "supported versions".



From RFC 8446 (TLS 1.3 spec): 



struct {

      ProtocolVersion legacy_version = 0x0303;    /* TLS v1.2 */

      Random random;

      opaque legacy_session_id<0..32>;

      CipherSuite cipher_suites<2..2^16-2>;

      opaque legacy_compression_methods<1..2^8-1>;

      Extension extensions<8..2^16-1>;

  } ClientHello;



legacy_version: In previous versions of TLS, this field was used for
version negotiation and represented the highest version number
supported by the client. Experience has shown that many servers
do not properly implement version negotiation, leading to "version
intolerance" in which the server rejects an otherwise acceptable
ClientHello with a version number higher than it supports. In
TLS 1.3, the client indicates its version preferences in the
"supported_versions" extension (Section 4.2.1) and the
legacy_version field MUST be set to 0x0303, which is the version
number for TLS 1.2. TLS 1.3 ClientHellos are identified as having
a legacy_version of 0x0303 and a supported_versions extension
present with 0x0304 as the highest version indicated therein.
(See Appendix D for details about backward compatibility.)




This agrees with what Wireshark displays:



Wireshark supported versions






share|improve this answer








New contributor




user120513 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.














  • 1




    Nice find. Congrats.
    – Jesse P.
    46 mins ago
















2














Sorry, for the confusion, I was missing the exact TLS 1.3 semantics: For instance, in the Client Hello, the field "version" must contain the fixed value 0x0303 (TLS 1.2), while the prefered version is contained in the extension "supported versions".



From RFC 8446 (TLS 1.3 spec): 



struct {

      ProtocolVersion legacy_version = 0x0303;    /* TLS v1.2 */

      Random random;

      opaque legacy_session_id<0..32>;

      CipherSuite cipher_suites<2..2^16-2>;

      opaque legacy_compression_methods<1..2^8-1>;

      Extension extensions<8..2^16-1>;

  } ClientHello;



legacy_version: In previous versions of TLS, this field was used for
version negotiation and represented the highest version number
supported by the client. Experience has shown that many servers
do not properly implement version negotiation, leading to "version
intolerance" in which the server rejects an otherwise acceptable
ClientHello with a version number higher than it supports. In
TLS 1.3, the client indicates its version preferences in the
"supported_versions" extension (Section 4.2.1) and the
legacy_version field MUST be set to 0x0303, which is the version
number for TLS 1.2. TLS 1.3 ClientHellos are identified as having
a legacy_version of 0x0303 and a supported_versions extension
present with 0x0304 as the highest version indicated therein.
(See Appendix D for details about backward compatibility.)




This agrees with what Wireshark displays:



Wireshark supported versions






share|improve this answer








New contributor




user120513 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.














  • 1




    Nice find. Congrats.
    – Jesse P.
    46 mins ago














2












2








2






Sorry, for the confusion, I was missing the exact TLS 1.3 semantics: For instance, in the Client Hello, the field "version" must contain the fixed value 0x0303 (TLS 1.2), while the prefered version is contained in the extension "supported versions".



From RFC 8446 (TLS 1.3 spec): 



struct {

      ProtocolVersion legacy_version = 0x0303;    /* TLS v1.2 */

      Random random;

      opaque legacy_session_id<0..32>;

      CipherSuite cipher_suites<2..2^16-2>;

      opaque legacy_compression_methods<1..2^8-1>;

      Extension extensions<8..2^16-1>;

  } ClientHello;



legacy_version: In previous versions of TLS, this field was used for
version negotiation and represented the highest version number
supported by the client. Experience has shown that many servers
do not properly implement version negotiation, leading to "version
intolerance" in which the server rejects an otherwise acceptable
ClientHello with a version number higher than it supports. In
TLS 1.3, the client indicates its version preferences in the
"supported_versions" extension (Section 4.2.1) and the
legacy_version field MUST be set to 0x0303, which is the version
number for TLS 1.2. TLS 1.3 ClientHellos are identified as having
a legacy_version of 0x0303 and a supported_versions extension
present with 0x0304 as the highest version indicated therein.
(See Appendix D for details about backward compatibility.)




This agrees with what Wireshark displays:



Wireshark supported versions






share|improve this answer








New contributor




user120513 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.









Sorry, for the confusion, I was missing the exact TLS 1.3 semantics: For instance, in the Client Hello, the field "version" must contain the fixed value 0x0303 (TLS 1.2), while the prefered version is contained in the extension "supported versions".



From RFC 8446 (TLS 1.3 spec): 



struct {

      ProtocolVersion legacy_version = 0x0303;    /* TLS v1.2 */

      Random random;

      opaque legacy_session_id<0..32>;

      CipherSuite cipher_suites<2..2^16-2>;

      opaque legacy_compression_methods<1..2^8-1>;

      Extension extensions<8..2^16-1>;

  } ClientHello;



legacy_version: In previous versions of TLS, this field was used for
version negotiation and represented the highest version number
supported by the client. Experience has shown that many servers
do not properly implement version negotiation, leading to "version
intolerance" in which the server rejects an otherwise acceptable
ClientHello with a version number higher than it supports. In
TLS 1.3, the client indicates its version preferences in the
"supported_versions" extension (Section 4.2.1) and the
legacy_version field MUST be set to 0x0303, which is the version
number for TLS 1.2. TLS 1.3 ClientHellos are identified as having
a legacy_version of 0x0303 and a supported_versions extension
present with 0x0304 as the highest version indicated therein.
(See Appendix D for details about backward compatibility.)




This agrees with what Wireshark displays:



Wireshark supported versions







share|improve this answer








New contributor




user120513 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.









share|improve this answer



share|improve this answer






New contributor




user120513 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.









answered 1 hour ago









user120513

262




262




New contributor




user120513 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.





New contributor





user120513 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.






user120513 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.








  • 1




    Nice find. Congrats.
    – Jesse P.
    46 mins ago














  • 1




    Nice find. Congrats.
    – Jesse P.
    46 mins ago








1




1




Nice find. Congrats.
– Jesse P.
46 mins ago




Nice find. Congrats.
– Jesse P.
46 mins ago










user120513 is a new contributor. Be nice, and check out our Code of Conduct.










draft saved

draft discarded


















user120513 is a new contributor. Be nice, and check out our Code of Conduct.













user120513 is a new contributor. Be nice, and check out our Code of Conduct.












user120513 is a new contributor. Be nice, and check out our Code of Conduct.
















Thanks for contributing an answer to Network Engineering Stack Exchange!


  • Please be sure to answer the question. Provide details and share your research!

But avoid



  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.


To learn more, see our tips on writing great answers.





Some of your past answers have not been well-received, and you're in danger of being blocked from answering.


Please pay close attention to the following guidance:


  • Please be sure to answer the question. Provide details and share your research!

But avoid



  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.


To learn more, see our tips on writing great answers.




draft saved


draft discarded














StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fnetworkengineering.stackexchange.com%2fquestions%2f55752%2fwhy-does-wireshark-show-version-tls-1-2-here-instead-of-tls-1-3%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown





















































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown

































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown







-

Popular posts from this blog

Михайлов, Христо

Image
В Википедии есть статьи о других людях с фамилиями Михайлов и Попов. Христо Михайлов Попов болг. Христо Михайлов Попов Памятник в Монтане Дата рождения 18 апреля 1893 ( 1893-04-18 ) Место рождения Видин, Княжество Болгария Дата смерти 8 февраля 1944 ( 1944-02-08 ) (50 лет) Место смерти София, Третье Болгарское царство Принадлежность Болгария   Болгария Род войск сухопутные войска Годы службы 1912—1944 Звание генерал-полковник Командовал Народно-освободительная повстанческая армия Болгарии Сражения/войны Первая Балканская война Вторая Балканская война Первая мировая война Сентябрьское восстание Вторая мировая война Связи Иван Попов (брат) Дом-музей Христо Попова Христо Михайлов Попов , в Болгарии известный как Христо Михайлов , (болг. Христо Михайлов Попов ; 18 апреля 1893, Видин — 8 февраля 1944, София) — болгарский военный и государственный деятель, участник и руководитель Движения Сопротивления в Болгарии
Read more

Гороховецкий артиллерийский полигон

Image
Гороховецкий артиллерийский научно-испытательный опытный полигон  — главный артиллерийский полигон Вооружённых Сил Российской Федерации, расположенный в районе посёлка Мулино. Крупнейший полигон в Европе. Организован в начале 1930-х годов как филиал Артиллерийского научно-исследовательского опытного полигона (бывшего Охтинского опытного поля под Санкт-Петербургом), находится на территории Мулинского сельсовета Володарского района Нижегородской области, МО Куприяновское Гороховецкого района Владимирской области, город Гороховец. Также имел наименование — Гороховецкий учебно-артиллерийский лагерь , Мулинский полигон . История | Учебные стрельбы артиллерийских подразделений 3-й мотострелковой дивизии 22 февраля 2017. В конце XIX — начале XX века в леса возле деревни Мулино приезжали на летние лагеря солдаты русской армии, проходившие здесь полевую выучку. В 1928 году здесь побывал нарком обороны СССР К. Е. Ворошилов. Он выбрал земли, непригодные для земледелия (северо-во
Read more

Центральная группа войск

Image
Центральная группа войск (ЦГВ) Эмблема ВС Годы существования 1945—1955 1968—1991 Страна СССР Подчинение МО СССР Входит в РККА (СА), Вооружённых Сил СССР. Численность превышала 300 000 человек Дислокация Австрия и Венгрия (1945—1955), Чехословакия (1968—1991) Командиры Известные командиры Командующие войсками , См. список. 9 мая в штаб-квартире ЦГВ , 1984 год. Парк в ЦГВ , 1985 год. Магазин «Детский мир» в Миловице, ЦГВ , 1985 год. Центральная группа войск (ЦГВ)  — оперативно-стратегическое объединение (группа войск) Советских ВС, дважды существовавшее в период после окончания Великой Отечественной войны: в 1945—1955 годах дислоцировалась на территории Австрии и Венгрии; в период с 24 октября 1968 по 21 июня 1991 дислоцировалась в Чехословакии. Содержание 1 Центральная группа войск (1-го формирования) 1.1 Командующие (ЦГВ 1-го формирования): 2 Центральная группа войск (2-го формирования) 3
Read more