
Re: TLS client hello tls1.0 even with options "tls_outgoing_options min-version=1.2 options=NO_TLSv1:NO_TLSv1_1"

On 12/12/22 06:34, Dieter Bloms wrote:

> I've enabled sslbump and configured the following outgoing tls options:
>
> tls_outgoing_options min-version=1.2 options=NO_TLSv1:NO_TLSv1_1 cipher=TLSv1.2:+aRSA:+SHA384:+SHA256:+DH:-kRSA:!PSK:!eNULL:!aNULL:!DSS:!AESCCM:!CAMELLIA:!ARIA


This probably does not apply to your specific use case, but I will state it here in case other readers find this exchange: If SslBump configuration peeks at the server, then Squid cannot honor tls_outgoing_options. For example, tls_outgoing_options will be ignored in the following configuration:

    ssl_bump peek all
    ssl_bump splice all

> min-version=1.2 options=NO_TLSv1:NO_TLSv1_1

FYI: The min-version=1.2 directive will automatically append NO_TLSv1:NO_TLSv1_1 options (or their GnuTLS equivalents).


> so for me it looks like squid must not use TLS1.1 or TLS1.0.
> But for some web sites like
> https://www.europarl.europa.eu/doceo/document/LIBE-OJ-2022-12-12-1_EN.html
> the first request is made with a tls1.0 client hello packet.

You are probably being misled by Wireshark (or equivalent). Packet in frame 4 and packet in frame 9 in your trace use the same set of versions. The two packets only differ in Random, Session ID, and Key Exchange fields (as expected). You can confirm that by expanding TLS sub-trees in each packet, copying each packet dissection, and comparing the two saved text files.

TLS has many layers. Layers have their own versions (and their own version-specific ways to specify versions). The two packets in question use v1.0 TLS record to transmit ClientHello message (legacy version v1.2) to announce support for TLS v1.2 and TLS v1.3:

TLS... Record Layer: Handshake Protocol: Client Hello
    Content Type: Handshake (22)
    Version: TLS 1.0 (0x0301)
    Handshake Protocol: Client Hello
        Version: TLS 1.2 (0x0303)
...
        Extension: supported_versions (len=5)
            Type: supported_versions (43)
            Length: 5
            Supported Versions length: 4
            Supported Version: TLS 1.3 (0x0304)
            Supported Version: TLS 1.2 (0x0303)


Why does Wireshark (and similar smart tools) say "TLSv1.3 Record Layer" only for packet 9 even though all the relevant ClientHello fields are identical in both packets? That happens because Wireshark is smart enough to look further into the TLS handshake and discover that, when it comes to the connection containing packet 9, the two agents have negotiated TLS v1.3 (starting with frame 10):

TLSv1.3 Record Layer: Handshake Protocol: Hello Retry Request
        Extension: supported_versions (len=2)
            Type: supported_versions (43)
            Length: 2
            Supported Version: TLS 1.3 (0x0304)


You can easily confirm that Wireshark is just being (too) helpful by exporting frames 1-9 from the packet capture (as a pcap packet capture) and looking at the exported packets with Wireshark. You will then see "TLSv1 Record Layer" instead of "TLSv1.3 Record Layer" for packet 9, even though you have modified no packets, only truncated the exchange.


I do not know why the server resets the first TCP connection.


HTH,

Alex.
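
Added example, not code from the thread or from Squid: a small Python script that builds a constructed ClientHello laid out like the dissection above (TLS 1.0 record version, TLS 1.2 legacy handshake version, supported_versions extension 43 listing 1.3 and 1.2) and parses it back, returning the three version fields separately. The bytes are constructed for illustration and are not taken from the linked pcap.

```python
import struct

# Constructed example bytes, not taken from the capture in the thread.
RANDOM = bytes(range(32))  # placeholder ClientHello.random, not a real value

def build_client_hello(record_version=0x0301, legacy_version=0x0303,
                       supported=(0x0304, 0x0303)):
    """Serialize a minimal ClientHello; supported=() omits extension 43."""
    body = (struct.pack(">H", legacy_version) + RANDOM
            + b"\x00"                      # empty session id
            + b"\x00\x02\x13\x01"          # one cipher suite (TLS_AES_128_GCM_SHA256)
            + b"\x01\x00")                 # compression methods: null only
    if supported:
        versions = b"".join(struct.pack(">H", v) for v in supported)
        # extension type 43, extension length, then the one-byte list length
        ext = struct.pack(">HHB", 43, len(versions) + 1, len(versions)) + versions
        body += struct.pack(">H", len(ext)) + ext
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body  # type 1 = ClientHello
    return struct.pack(">BHH", 22, record_version, len(handshake)) + handshake

def parse_versions(data):
    """Return (record_version, legacy_version, [supported_versions...])."""
    ctype, rec_ver, _ = struct.unpack(">BHH", data[:5])
    if ctype != 22 or data[5] != 1:
        raise ValueError("not a TLS handshake record carrying a ClientHello")
    hs = data[9:9 + int.from_bytes(data[6:9], "big")]
    legacy = struct.unpack(">H", hs[:2])[0]
    pos = 2 + 32                                        # skip random
    pos += 1 + hs[pos]                                  # skip session id
    pos += 2 + struct.unpack(">H", hs[pos:pos + 2])[0]  # skip cipher suites
    pos += 1 + hs[pos]                                  # skip compression methods
    supported = []
    if pos < len(hs):                                   # extensions present
        end = pos + 2 + struct.unpack(">H", hs[pos:pos + 2])[0]
        pos += 2
        while pos < end:
            etype, elen = struct.unpack(">HH", hs[pos:pos + 4])
            pos += 4
            if etype == 43:                             # supported_versions
                n = hs[pos]
                supported = [struct.unpack(">H", hs[pos + 1 + i:pos + 3 + i])[0]
                             for i in range(0, n, 2)]
            pos += elen
    return rec_ver, legacy, supported

if __name__ == "__main__":
    rec, legacy, sup = parse_versions(build_client_hello())
    print("record 0x%04x, legacy 0x%04x, supported %s" % (rec, legacy, [hex(v) for v in sup]))
```

A genuinely TLS 1.0-only hello would carry legacy version 0x0301 and no supported_versions extension, which the parser reports as an empty list; the record-layer 0x0301 alone tells you nothing about what the client is willing to negotiate.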



> When I reload the page the proxy server sends a tls1.2 client hello and the website is shown as expected.
>
> So what option can be used to force a minimum tls1.2 client hello package every time?
>
> Here is a link to the pcap file with both variants: https://bloms.de/download/www.europarl.europa.eu.pcap



_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users


