How will be cipher selected when client is running on version TLS 1.3 and server is running on TLS 1.2?
$begingroup$
How will be cipher selected when a client is running on version TLS 1.3 and server is running on TLS 1.2?
The cipher list provided by TLS 1.3 client will be different than the version supported on the TLS 1.2 server.
encryption tls key-derivation
$endgroup$
add a comment |
$begingroup$
How will be cipher selected when a client is running on version TLS 1.3 and server is running on TLS 1.2?
The cipher list provided by TLS 1.3 client will be different than the version supported on the TLS 1.2 server.
encryption tls key-derivation
$endgroup$
$begingroup$
Note: Downgrade can be very dangerous. See The 9 lives of Bleichenbacher's CAT, it puts another scratch again
$endgroup$
– kelalaka
Apr 21 at 17:18
add a comment |
$begingroup$
How will be cipher selected when a client is running on version TLS 1.3 and server is running on TLS 1.2?
The cipher list provided by TLS 1.3 client will be different than the version supported on the TLS 1.2 server.
encryption tls key-derivation
$endgroup$
How will be cipher selected when a client is running on version TLS 1.3 and server is running on TLS 1.2?
The cipher list provided by TLS 1.3 client will be different than the version supported on the TLS 1.2 server.
encryption tls key-derivation
encryption tls key-derivation
edited Apr 23 at 9:04
Maarten Bodewes♦
56.2k682202
56.2k682202
asked Apr 21 at 13:59
rakesh sharmarakesh sharma
262
262
$begingroup$
Note: Downgrade can be very dangerous. See The 9 lives of Bleichenbacher's CAT, it puts another scratch again
$endgroup$
– kelalaka
Apr 21 at 17:18
add a comment |
$begingroup$
Note: Downgrade can be very dangerous. See The 9 lives of Bleichenbacher's CAT, it puts another scratch again
$endgroup$
– kelalaka
Apr 21 at 17:18
$begingroup$
Note: Downgrade can be very dangerous. See The 9 lives of Bleichenbacher's CAT, it puts another scratch again
$endgroup$
– kelalaka
Apr 21 at 17:18
$begingroup$
Note: Downgrade can be very dangerous. See The 9 lives of Bleichenbacher's CAT, it puts another scratch again
$endgroup$
– kelalaka
Apr 21 at 17:18
add a comment |
1 Answer
1
active
oldest
votes
$begingroup$
If the client is only supporting TLS 1.3 or only TLS 1.3 ciphers the SSL handshake will fail. Otherwise the cipher will be selected as it is usually done with TLS 1.2: the client shows which ciphers it supports in the ClientHello and the server will pick the one which a) is supported by the server and b) fits the type of certificate of the server (i.e. authentication RSA or ECDSA). If there is no common cipher the handshake will fail.
$endgroup$
$begingroup$
As we know the cipher list of TLS1.3 is completely different then TlS1.2 and below version. Here my question is, if server supports tls1.2 and below version, how the cipher will be selected from the cipher list available in client hello of TLS1.3 version(where cipher list available in tls1.3 is different then tls1.2)
$endgroup$
– rakesh sharma
Apr 21 at 19:08
$begingroup$
@rakeshsharma This might lead to the two lists having no entries in common, hence connection failure
$endgroup$
– Hagen von Eitzen
Apr 21 at 19:50
$begingroup$
@rakeshsharma: If the client is only supporting TLS 1.3 or only TLS 1.3 ciphers the SSL handshake fails. If the client supports also older ciphers and TLS 1.2 and there is cipher overlap with the server then the server can pick a shared cipher, otherwise it will fail.
$endgroup$
– Steffen Ullrich
Apr 21 at 20:27
$begingroup$
@SteffenUllrich Thanks for your reply, Actually in one openssl Library(1.1.*), the cipher list provided by client was only having the ciphers supported in tls1.3 though client was supporting all the version(i confirmed it by checking the supported_version extension ) so i thought if this is the case then it will never work if server supports the version below tls_1.3 because of no common ciphers and will break everything. i have not observed the same in the latest openssl library(1.1.1b) , it includes all the previous ciphers in cipher list along with new ciphers.
$endgroup$
– rakesh sharma
Apr 22 at 10:05
add a comment |
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "281"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
noCode: true, onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fcrypto.stackexchange.com%2fquestions%2f68931%2fhow-will-be-cipher-selected-when-client-is-running-on-version-tls-1-3-and-server%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
$begingroup$
If the client is only supporting TLS 1.3 or only TLS 1.3 ciphers the SSL handshake will fail. Otherwise the cipher will be selected as it is usually done with TLS 1.2: the client shows which ciphers it supports in the ClientHello and the server will pick the one which a) is supported by the server and b) fits the type of certificate of the server (i.e. authentication RSA or ECDSA). If there is no common cipher the handshake will fail.
$endgroup$
$begingroup$
As we know the cipher list of TLS1.3 is completely different then TlS1.2 and below version. Here my question is, if server supports tls1.2 and below version, how the cipher will be selected from the cipher list available in client hello of TLS1.3 version(where cipher list available in tls1.3 is different then tls1.2)
$endgroup$
– rakesh sharma
Apr 21 at 19:08
$begingroup$
@rakeshsharma This might lead to the two lists having no entries in common, hence connection failure
$endgroup$
– Hagen von Eitzen
Apr 21 at 19:50
$begingroup$
@rakeshsharma: If the client is only supporting TLS 1.3 or only TLS 1.3 ciphers the SSL handshake fails. If the client supports also older ciphers and TLS 1.2 and there is cipher overlap with the server then the server can pick a shared cipher, otherwise it will fail.
$endgroup$
– Steffen Ullrich
Apr 21 at 20:27
$begingroup$
@SteffenUllrich Thanks for your reply, Actually in one openssl Library(1.1.*), the cipher list provided by client was only having the ciphers supported in tls1.3 though client was supporting all the version(i confirmed it by checking the supported_version extension ) so i thought if this is the case then it will never work if server supports the version below tls_1.3 because of no common ciphers and will break everything. i have not observed the same in the latest openssl library(1.1.1b) , it includes all the previous ciphers in cipher list along with new ciphers.
$endgroup$
– rakesh sharma
Apr 22 at 10:05
add a comment |
$begingroup$
If the client is only supporting TLS 1.3 or only TLS 1.3 ciphers the SSL handshake will fail. Otherwise the cipher will be selected as it is usually done with TLS 1.2: the client shows which ciphers it supports in the ClientHello and the server will pick the one which a) is supported by the server and b) fits the type of certificate of the server (i.e. authentication RSA or ECDSA). If there is no common cipher the handshake will fail.
$endgroup$
$begingroup$
As we know the cipher list of TLS1.3 is completely different then TlS1.2 and below version. Here my question is, if server supports tls1.2 and below version, how the cipher will be selected from the cipher list available in client hello of TLS1.3 version(where cipher list available in tls1.3 is different then tls1.2)
$endgroup$
– rakesh sharma
Apr 21 at 19:08
$begingroup$
@rakeshsharma This might lead to the two lists having no entries in common, hence connection failure
$endgroup$
– Hagen von Eitzen
Apr 21 at 19:50
$begingroup$
@rakeshsharma: If the client is only supporting TLS 1.3 or only TLS 1.3 ciphers the SSL handshake fails. If the client supports also older ciphers and TLS 1.2 and there is cipher overlap with the server then the server can pick a shared cipher, otherwise it will fail.
$endgroup$
– Steffen Ullrich
Apr 21 at 20:27
$begingroup$
@SteffenUllrich Thanks for your reply, Actually in one openssl Library(1.1.*), the cipher list provided by client was only having the ciphers supported in tls1.3 though client was supporting all the version(i confirmed it by checking the supported_version extension ) so i thought if this is the case then it will never work if server supports the version below tls_1.3 because of no common ciphers and will break everything. i have not observed the same in the latest openssl library(1.1.1b) , it includes all the previous ciphers in cipher list along with new ciphers.
$endgroup$
– rakesh sharma
Apr 22 at 10:05
add a comment |
$begingroup$
If the client is only supporting TLS 1.3 or only TLS 1.3 ciphers the SSL handshake will fail. Otherwise the cipher will be selected as it is usually done with TLS 1.2: the client shows which ciphers it supports in the ClientHello and the server will pick the one which a) is supported by the server and b) fits the type of certificate of the server (i.e. authentication RSA or ECDSA). If there is no common cipher the handshake will fail.
$endgroup$
If the client is only supporting TLS 1.3 or only TLS 1.3 ciphers the SSL handshake will fail. Otherwise the cipher will be selected as it is usually done with TLS 1.2: the client shows which ciphers it supports in the ClientHello and the server will pick the one which a) is supported by the server and b) fits the type of certificate of the server (i.e. authentication RSA or ECDSA). If there is no common cipher the handshake will fail.
edited Apr 21 at 20:25
answered Apr 21 at 15:58
Steffen UllrichSteffen Ullrich
94657
94657
$begingroup$
As we know the cipher list of TLS1.3 is completely different then TlS1.2 and below version. Here my question is, if server supports tls1.2 and below version, how the cipher will be selected from the cipher list available in client hello of TLS1.3 version(where cipher list available in tls1.3 is different then tls1.2)
$endgroup$
– rakesh sharma
Apr 21 at 19:08
$begingroup$
@rakeshsharma This might lead to the two lists having no entries in common, hence connection failure
$endgroup$
– Hagen von Eitzen
Apr 21 at 19:50
$begingroup$
@rakeshsharma: If the client is only supporting TLS 1.3 or only TLS 1.3 ciphers the SSL handshake fails. If the client supports also older ciphers and TLS 1.2 and there is cipher overlap with the server then the server can pick a shared cipher, otherwise it will fail.
$endgroup$
– Steffen Ullrich
Apr 21 at 20:27
$begingroup$
@SteffenUllrich Thanks for your reply, Actually in one openssl Library(1.1.*), the cipher list provided by client was only having the ciphers supported in tls1.3 though client was supporting all the version(i confirmed it by checking the supported_version extension ) so i thought if this is the case then it will never work if server supports the version below tls_1.3 because of no common ciphers and will break everything. i have not observed the same in the latest openssl library(1.1.1b) , it includes all the previous ciphers in cipher list along with new ciphers.
$endgroup$
– rakesh sharma
Apr 22 at 10:05
add a comment |
$begingroup$
As we know the cipher list of TLS1.3 is completely different then TlS1.2 and below version. Here my question is, if server supports tls1.2 and below version, how the cipher will be selected from the cipher list available in client hello of TLS1.3 version(where cipher list available in tls1.3 is different then tls1.2)
$endgroup$
– rakesh sharma
Apr 21 at 19:08
$begingroup$
@rakeshsharma This might lead to the two lists having no entries in common, hence connection failure
$endgroup$
– Hagen von Eitzen
Apr 21 at 19:50
$begingroup$
@rakeshsharma: If the client is only supporting TLS 1.3 or only TLS 1.3 ciphers the SSL handshake fails. If the client supports also older ciphers and TLS 1.2 and there is cipher overlap with the server then the server can pick a shared cipher, otherwise it will fail.
$endgroup$
– Steffen Ullrich
Apr 21 at 20:27
$begingroup$
@SteffenUllrich Thanks for your reply, Actually in one openssl Library(1.1.*), the cipher list provided by client was only having the ciphers supported in tls1.3 though client was supporting all the version(i confirmed it by checking the supported_version extension ) so i thought if this is the case then it will never work if server supports the version below tls_1.3 because of no common ciphers and will break everything. i have not observed the same in the latest openssl library(1.1.1b) , it includes all the previous ciphers in cipher list along with new ciphers.
$endgroup$
– rakesh sharma
Apr 22 at 10:05
$begingroup$
As we know the cipher list of TLS1.3 is completely different then TlS1.2 and below version. Here my question is, if server supports tls1.2 and below version, how the cipher will be selected from the cipher list available in client hello of TLS1.3 version(where cipher list available in tls1.3 is different then tls1.2)
$endgroup$
– rakesh sharma
Apr 21 at 19:08
$begingroup$
As we know the cipher list of TLS1.3 is completely different then TlS1.2 and below version. Here my question is, if server supports tls1.2 and below version, how the cipher will be selected from the cipher list available in client hello of TLS1.3 version(where cipher list available in tls1.3 is different then tls1.2)
$endgroup$
– rakesh sharma
Apr 21 at 19:08
$begingroup$
@rakeshsharma This might lead to the two lists having no entries in common, hence connection failure
$endgroup$
– Hagen von Eitzen
Apr 21 at 19:50
$begingroup$
@rakeshsharma This might lead to the two lists having no entries in common, hence connection failure
$endgroup$
– Hagen von Eitzen
Apr 21 at 19:50
$begingroup$
@rakeshsharma: If the client is only supporting TLS 1.3 or only TLS 1.3 ciphers the SSL handshake fails. If the client supports also older ciphers and TLS 1.2 and there is cipher overlap with the server then the server can pick a shared cipher, otherwise it will fail.
$endgroup$
– Steffen Ullrich
Apr 21 at 20:27
$begingroup$
@rakeshsharma: If the client is only supporting TLS 1.3 or only TLS 1.3 ciphers the SSL handshake fails. If the client supports also older ciphers and TLS 1.2 and there is cipher overlap with the server then the server can pick a shared cipher, otherwise it will fail.
$endgroup$
– Steffen Ullrich
Apr 21 at 20:27
$begingroup$
@SteffenUllrich Thanks for your reply, Actually in one openssl Library(1.1.*), the cipher list provided by client was only having the ciphers supported in tls1.3 though client was supporting all the version(i confirmed it by checking the supported_version extension ) so i thought if this is the case then it will never work if server supports the version below tls_1.3 because of no common ciphers and will break everything. i have not observed the same in the latest openssl library(1.1.1b) , it includes all the previous ciphers in cipher list along with new ciphers.
$endgroup$
– rakesh sharma
Apr 22 at 10:05
$begingroup$
@SteffenUllrich Thanks for your reply, Actually in one openssl Library(1.1.*), the cipher list provided by client was only having the ciphers supported in tls1.3 though client was supporting all the version(i confirmed it by checking the supported_version extension ) so i thought if this is the case then it will never work if server supports the version below tls_1.3 because of no common ciphers and will break everything. i have not observed the same in the latest openssl library(1.1.1b) , it includes all the previous ciphers in cipher list along with new ciphers.
$endgroup$
– rakesh sharma
Apr 22 at 10:05
add a comment |
Thanks for contributing an answer to Cryptography Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
Use MathJax to format equations. MathJax reference.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fcrypto.stackexchange.com%2fquestions%2f68931%2fhow-will-be-cipher-selected-when-client-is-running-on-version-tls-1-3-and-server%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
$begingroup$
Note: Downgrade can be very dangerous. See The 9 lives of Bleichenbacher's CAT, it puts another scratch again
$endgroup$
– kelalaka
Apr 21 at 17:18