On 02/03/2020 11:28, iilinasi wrote:
> I'd like to understand, how does OpenSSL get to the idea of "0304"
> version, if there is no such a byte sequence in the packet...
> My question is: how OpenSSL determines the TLS version? How to debug it?
>

Very strange. I have no idea. Looking at the packet in question this does appear to be a straightforward TLSv1.0 ClientHello. TLSv1.3 would normally only ever be negotiated if the supported_versions extension is present, and that extension lists 0304 as one of the supported versions. But since the extension does not exist in the ClientHello it should be attempting to use TLSv1.3.

>
> Surprisingly, the server reports I'm using unsupported TLS version "0304"
> (which corresponds to TLS1.3).

Is there any more detail around this? Server logs etc?

Matt
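
The check discussed in this message, as an added example (not part of the original e-mail and not OpenSSL's code): a Python parser that reports the legacy_version field and any supported_versions entries carried in a ClientHello. The two sample records are constructed, `build_client_hello` is a hypothetical helper, and the parser assumes the whole ClientHello sits in a single TLS record.

```python
import struct

SUPPORTED_VERSIONS = 0x002B  # extension type (RFC 8446)

def parse_client_hello(record: bytes) -> dict:
    """Report the version fields a server sees in one ClientHello record."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS handshake record carrying a ClientHello")
    record_version = struct.unpack("!H", record[1:3])[0]
    hs_len = int.from_bytes(record[6:9], "big")
    hello = record[9:9 + hs_len]
    if len(hello) != hs_len or hs_len < 35:
        raise ValueError("truncated ClientHello")
    legacy_version = struct.unpack("!H", hello[:2])[0]
    offered = []
    try:
        pos = 34                                              # version (2) + random (32)
        pos += 1 + hello[pos]                                 # session_id
        pos += 2 + int.from_bytes(hello[pos:pos + 2], "big")  # cipher_suites
        pos += 1 + hello[pos]                                 # compression_methods
    except IndexError:
        raise ValueError("truncated ClientHello") from None
    if pos + 2 <= len(hello):                                 # extensions are optional
        end = min(len(hello), pos + 2 + int.from_bytes(hello[pos:pos + 2], "big"))
        pos += 2
        while pos + 4 <= end:
            ext_type, ext_len = struct.unpack("!HH", hello[pos:pos + 4])
            data = hello[pos + 4:pos + 4 + ext_len]
            if ext_type == SUPPORTED_VERSIONS and data:
                vers = data[1:1 + data[0]]                    # 1-byte list length, 2 bytes each
                offered = [int.from_bytes(vers[i:i + 2], "big")
                           for i in range(0, len(vers) - 1, 2)]
            pos += 4 + ext_len
    return {"record_version": f"{record_version:04x}",
            "legacy_version": f"{legacy_version:04x}",
            "supported_versions": [f"{v:04x}" for v in offered],
            "offers_tls13": 0x0304 in offered}

def build_client_hello(legacy_version: int, extensions: bytes = b"") -> bytes:
    """Constructed sample: minimal ClientHello with one cipher suite."""
    hello = struct.pack("!H", legacy_version) + bytes(32) + b"\x00"  # empty session_id
    hello += b"\x00\x02\x00\x2f" + b"\x01\x00"                       # suites, compression
    if extensions:
        hello += struct.pack("!H", len(extensions)) + extensions
    hs = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return b"\x16" + struct.pack("!HH", 0x0301, len(hs)) + hs

TLS10_HELLO = build_client_hello(0x0301)
TLS13_HELLO = build_client_hello(
    0x0303, struct.pack("!HHB", SUPPORTED_VERSIONS, 5, 4) + b"\x03\x04\x03\x03")
```

Running `parse_client_hello` over the raw bytes of a captured ClientHello shows whether 0304 appears anywhere the server would read a version from.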