[squid-users] TLS client hello tls1.0 even with options "tls_outgoing_options min-version=1.2 options=NO_TLSv1:NO_TLSv1_1"
Alex Rousskov
rousskov at measurement-factory.com
Mon Dec 12 14:24:13 UTC 2022
On 12/12/22 06:34, Dieter Bloms wrote:
> I've enabled sslbump and configured the following outgoing tls options:
>
> tls_outgoing_options min-version=1.2 options=NO_TLSv1:NO_TLSv1_1 cipher=TLSv1.2:+aRSA:+SHA384:+SHA256:+DH:-kRSA:!PSK:!eNULL:!aNULL:!DSS:!AESCCM:!CAMELLIA:!ARIA
This probably does not apply to your specific use case, but I will state
it here in case other readers find this exchange: If SslBump
configuration peeks at the server, then Squid cannot honor
tls_outgoing_options. For example, tls_outgoing_options will be ignored
in the following configuration:
ssl_bump peek all
ssl_bump splice all
> min-version=1.2 options=NO_TLSv1:NO_TLSv1_1
FYI: The min-version=1.2 directive will automatically append
NO_TLSv1:NO_TLSv1_1 options (or their GnuTLS equivalents).
> so for me it looks like squid must not use TLS1.1 or TLS1.0.
> But for some web sites like
> https://www.europarl.europa.eu/doceo/document/LIBE-OJ-2022-12-12-1_EN.html
> the first request is made with a tls1.0 client hello packet.
You are probably being misled by Wireshark (or equivalent). Packet in
frame 4 and packet in frame 9 in your trace use the same set of
versions. The two packets only differ in Random, Session ID, and Key
Exchange fields (as expected). You can confirm that by expanding TLS
sub-trees in each packet, copying each packet dissection, and comparing
the two saved text files.
TLS has many layers. Layers have their own versions (and their own
version-specific ways to specify versions). The two packets in question
use a v1.0 TLS record to transmit the ClientHello message (legacy version
v1.2) to announce support for TLS v1.2 and TLS v1.3:
> TLS... Record Layer: Handshake Protocol: Client Hello
> Content Type: Handshake (22)
> Version: TLS 1.0 (0x0301)
> Handshake Protocol: Client Hello
> Version: TLS 1.2 (0x0303)
...
> Extension: supported_versions (len=5)
> Type: supported_versions (43)
> Length: 5
> Supported Versions length: 4
> Supported Version: TLS 1.3 (0x0304)
> Supported Version: TLS 1.2 (0x0303)
Why does Wireshark (and similar smart tools) say "TLSv1.3 Record Layer"
only for packet 9 even though all the relevant ClientHello fields are
identical in both packets? That happens because Wireshark is smart
enough to look further into the TLS handshake and discover that, when it
comes to the connection containing packet 9, the two agents have
negotiated TLS v1.3 (starting with frame 10):
> TLSv1.3 Record Layer: Handshake Protocol: Hello Retry Request
> Extension: supported_versions (len=2)
> Type: supported_versions (43)
> Length: 2
> Supported Version: TLS 1.3 (0x0304)
You can easily confirm that Wireshark is just being (too) helpful by
exporting frames 1-9 from the packet capture (as a pcap packet capture)
and looking at the exported packets with Wireshark. You will then see
"TLSv1 Record Layer" instead of "TLSv1.3 Record Layer" for packet 9,
even though you have modified no packets, only truncated the exchange.
I do not know why the server resets the first TCP connection.
HTH,
Alex.
> When I reload the page the proxyserver sends a tls1.2 client hello and the website is shown as expected.
>
> So what option can be used to force a minimum tls1.2 client hello package every time?
>
> Here is a link to the pcap file with both variants: https://bloms.de/download/www.europarl.europa.eu.pcap
>
>
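As an added illustration (not part of this thread, and not Squid or Wireshark code): a small Python script that builds a constructed ClientHello shaped like the one dissected above (record version 1.0, legacy handshake version 1.2, supported_versions listing 1.3 and 1.2) and parses the three version fields back out, showing that the record-layer version says nothing about what the client actually offers. The function names build_client_hello, parse_client_hello and lowest_offered_version are made up for this example.

```python
import struct

def build_client_hello(supported_versions):
    """Constructed ClientHello (not from the trace in this thread): record
    version 1.0, legacy handshake version 1.2, supported_versions extension."""
    ext_body = bytes([2 * len(supported_versions)])
    ext_body += b"".join(struct.pack("!H", v) for v in supported_versions)
    ext = struct.pack("!HH", 43, len(ext_body)) + ext_body   # type 43 = supported_versions
    body = struct.pack("!H", 0x0303)             # legacy_version = TLS 1.2
    body += b"\x00" * 32                         # random (zeros, sample only)
    body += b"\x00"                              # session_id length 0
    body += struct.pack("!H", 2) + b"\x13\x01"   # one cipher suite: TLS_AES_128_GCM_SHA256
    body += b"\x01\x00"                          # compression methods: null only
    body += struct.pack("!H", len(ext)) + ext    # extensions block
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body  # type 1 = ClientHello
    # Record layer: content type 22 (handshake), version 0x0301 (TLS 1.0)
    return b"\x16" + struct.pack("!HH", 0x0301, len(handshake)) + handshake

def parse_client_hello(data):
    """Return the three version fields a dissector shows for a ClientHello."""
    content_type, record_version, record_len = struct.unpack("!BHH", data[:5])
    if content_type != 22 or data[5] != 1:
        raise ValueError("not a ClientHello record")
    body_len = int.from_bytes(data[6:9], "big")
    body = data[9:9 + body_len]
    legacy_version = struct.unpack("!H", body[:2])[0]
    pos = 2 + 32                                 # skip random
    pos += 1 + body[pos]                         # skip session_id
    pos += 2 + struct.unpack("!H", body[pos:pos + 2])[0]  # skip cipher_suites
    pos += 1 + body[pos]                         # skip compression_methods
    supported = None
    if pos < len(body):                          # extensions are optional
        end = pos + 2 + struct.unpack("!H", body[pos:pos + 2])[0]
        pos += 2
        while pos < end:
            etype, elen = struct.unpack("!HH", body[pos:pos + 4])
            edata = body[pos + 4:pos + 4 + elen]
            pos += 4 + elen
            if etype == 43:                      # supported_versions
                n = edata[0]
                supported = [struct.unpack("!H", edata[1 + i:3 + i])[0] for i in range(0, n, 2)]
    return {"record_version": record_version, "legacy_version": legacy_version, "supported_versions": supported}

def lowest_offered_version(hello):
    """Lowest version the client accepts: the smallest supported_versions entry
    (record version is irrelevant). Without that extension only a maximum is known."""
    if hello["supported_versions"] is None:
        return None
    return min(hello["supported_versions"])
```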