How will be cipher selected when client is running on version TLS 1.3 and server is running on TLS 1.2?












3












$begingroup$


How will be cipher selected when a client is running on version TLS 1.3 and server is running on TLS 1.2?



The cipher list provided by TLS 1.3 client will be different than the version supported on the TLS 1.2 server.






encryption tls key-derivation







share|improve this question











$endgroup$












  • $begingroup$
    Note: Downgrade can be very dangerous. See The 9 lives of Bleichenbacher's CAT, it puts another scratch again
    $endgroup$
    – kelalaka
    Apr 21 at 17:18
















3












$begingroup$


How will be cipher selected when a client is running on version TLS 1.3 and server is running on TLS 1.2?



The cipher list provided by TLS 1.3 client will be different than the version supported on the TLS 1.2 server.






encryption tls key-derivation







share|improve this question











$endgroup$












  • $begingroup$
    Note: Downgrade can be very dangerous. See The 9 lives of Bleichenbacher's CAT, it puts another scratch again
    $endgroup$
    – kelalaka
    Apr 21 at 17:18














3












3








3


1



$begingroup$


How will be cipher selected when a client is running on version TLS 1.3 and server is running on TLS 1.2?



The cipher list provided by TLS 1.3 client will be different than the version supported on the TLS 1.2 server.






encryption tls key-derivation







share|improve this question











$endgroup$




How will be cipher selected when a client is running on version TLS 1.3 and server is running on TLS 1.2?



The cipher list provided by TLS 1.3 client will be different than the version supported on the TLS 1.2 server.






encryption tls key-derivation




encryption tls key-derivation






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Apr 23 at 9:04









Maarten Bodewes

56.2k682202




56.2k682202










asked Apr 21 at 13:59









rakesh sharmarakesh sharma

262




262












  • $begingroup$
    Note: Downgrade can be very dangerous. See The 9 lives of Bleichenbacher's CAT, it puts another scratch again
    $endgroup$
    – kelalaka
    Apr 21 at 17:18


















  • $begingroup$
    Note: Downgrade can be very dangerous. See The 9 lives of Bleichenbacher's CAT, it puts another scratch again
    $endgroup$
    – kelalaka
    Apr 21 at 17:18
















$begingroup$
Note: Downgrade can be very dangerous. See The 9 lives of Bleichenbacher's CAT, it puts another scratch again
$endgroup$
– kelalaka
Apr 21 at 17:18




$begingroup$
Note: Downgrade can be very dangerous. See The 9 lives of Bleichenbacher's CAT, it puts another scratch again
$endgroup$
– kelalaka
Apr 21 at 17:18










1 Answer
1






active

oldest

votes


















4












$begingroup$

If the client is only supporting TLS 1.3 or only TLS 1.3 ciphers the SSL handshake will fail. Otherwise the cipher will be selected as it is usually done with TLS 1.2: the client shows which ciphers it supports in the ClientHello and the server will pick the one which a) is supported by the server and b) fits the type of certificate of the server (i.e. authentication RSA or ECDSA). If there is no common cipher the handshake will fail.






share|improve this answer











$endgroup$













  • $begingroup$
    As we know the cipher list of TLS1.3 is completely different then TlS1.2 and below version. Here my question is, if server supports tls1.2 and below version, how the cipher will be selected from the cipher list available in client hello of TLS1.3 version(where cipher list available in tls1.3 is different then tls1.2)
    $endgroup$
    – rakesh sharma
    Apr 21 at 19:08










  • $begingroup$
    @rakeshsharma This might lead to the two lists having no entries in common, hence connection failure
    $endgroup$
    – Hagen von Eitzen
    Apr 21 at 19:50










  • $begingroup$
    @rakeshsharma: If the client is only supporting TLS 1.3 or only TLS 1.3 ciphers the SSL handshake fails. If the client supports also older ciphers and TLS 1.2 and there is cipher overlap with the server then the server can pick a shared cipher, otherwise it will fail.
    $endgroup$
    – Steffen Ullrich
    Apr 21 at 20:27












  • $begingroup$
    @SteffenUllrich Thanks for your reply, Actually in one openssl Library(1.1.*), the cipher list provided by client was only having the ciphers supported in tls1.3 though client was supporting all the version(i confirmed it by checking the supported_version extension ) so i thought if this is the case then it will never work if server supports the version below tls_1.3 because of no common ciphers and will break everything. i have not observed the same in the latest openssl library(1.1.1b) , it includes all the previous ciphers in cipher list along with new ciphers.
    $endgroup$
    – rakesh sharma
    Apr 22 at 10:05












Your Answer








StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "281"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
noCode: true, onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});














draft saved

draft discarded


















StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fcrypto.stackexchange.com%2fquestions%2f68931%2fhow-will-be-cipher-selected-when-client-is-running-on-version-tls-1-3-and-server%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown

























1 Answer
1






active

oldest

votes








1 Answer
1






active

oldest

votes









active

oldest

votes






active

oldest

votes









4












$begingroup$

If the client is only supporting TLS 1.3 or only TLS 1.3 ciphers the SSL handshake will fail. Otherwise the cipher will be selected as it is usually done with TLS 1.2: the client shows which ciphers it supports in the ClientHello and the server will pick the one which a) is supported by the server and b) fits the type of certificate of the server (i.e. authentication RSA or ECDSA). If there is no common cipher the handshake will fail.






share|improve this answer











$endgroup$













  • $begingroup$
    As we know the cipher list of TLS1.3 is completely different then TlS1.2 and below version. Here my question is, if server supports tls1.2 and below version, how the cipher will be selected from the cipher list available in client hello of TLS1.3 version(where cipher list available in tls1.3 is different then tls1.2)
    $endgroup$
    – rakesh sharma
    Apr 21 at 19:08










  • $begingroup$
    @rakeshsharma This might lead to the two lists having no entries in common, hence connection failure
    $endgroup$
    – Hagen von Eitzen
    Apr 21 at 19:50










  • $begingroup$
    @rakeshsharma: If the client is only supporting TLS 1.3 or only TLS 1.3 ciphers the SSL handshake fails. If the client supports also older ciphers and TLS 1.2 and there is cipher overlap with the server then the server can pick a shared cipher, otherwise it will fail.
    $endgroup$
    – Steffen Ullrich
    Apr 21 at 20:27












  • $begingroup$
    @SteffenUllrich Thanks for your reply, Actually in one openssl Library(1.1.*), the cipher list provided by client was only having the ciphers supported in tls1.3 though client was supporting all the version(i confirmed it by checking the supported_version extension ) so i thought if this is the case then it will never work if server supports the version below tls_1.3 because of no common ciphers and will break everything. i have not observed the same in the latest openssl library(1.1.1b) , it includes all the previous ciphers in cipher list along with new ciphers.
    $endgroup$
    – rakesh sharma
    Apr 22 at 10:05
















4












$begingroup$

If the client is only supporting TLS 1.3 or only TLS 1.3 ciphers the SSL handshake will fail. Otherwise the cipher will be selected as it is usually done with TLS 1.2: the client shows which ciphers it supports in the ClientHello and the server will pick the one which a) is supported by the server and b) fits the type of certificate of the server (i.e. authentication RSA or ECDSA). If there is no common cipher the handshake will fail.






share|improve this answer











$endgroup$













  • $begingroup$
    As we know the cipher list of TLS1.3 is completely different then TlS1.2 and below version. Here my question is, if server supports tls1.2 and below version, how the cipher will be selected from the cipher list available in client hello of TLS1.3 version(where cipher list available in tls1.3 is different then tls1.2)
    $endgroup$
    – rakesh sharma
    Apr 21 at 19:08










  • $begingroup$
    @rakeshsharma This might lead to the two lists having no entries in common, hence connection failure
    $endgroup$
    – Hagen von Eitzen
    Apr 21 at 19:50










  • $begingroup$
    @rakeshsharma: If the client is only supporting TLS 1.3 or only TLS 1.3 ciphers the SSL handshake fails. If the client supports also older ciphers and TLS 1.2 and there is cipher overlap with the server then the server can pick a shared cipher, otherwise it will fail.
    $endgroup$
    – Steffen Ullrich
    Apr 21 at 20:27












  • $begingroup$
    @SteffenUllrich Thanks for your reply, Actually in one openssl Library(1.1.*), the cipher list provided by client was only having the ciphers supported in tls1.3 though client was supporting all the version(i confirmed it by checking the supported_version extension ) so i thought if this is the case then it will never work if server supports the version below tls_1.3 because of no common ciphers and will break everything. i have not observed the same in the latest openssl library(1.1.1b) , it includes all the previous ciphers in cipher list along with new ciphers.
    $endgroup$
    – rakesh sharma
    Apr 22 at 10:05














4












4








4





$begingroup$

If the client is only supporting TLS 1.3 or only TLS 1.3 ciphers the SSL handshake will fail. Otherwise the cipher will be selected as it is usually done with TLS 1.2: the client shows which ciphers it supports in the ClientHello and the server will pick the one which a) is supported by the server and b) fits the type of certificate of the server (i.e. authentication RSA or ECDSA). If there is no common cipher the handshake will fail.






share|improve this answer











$endgroup$



If the client is only supporting TLS 1.3 or only TLS 1.3 ciphers the SSL handshake will fail. Otherwise the cipher will be selected as it is usually done with TLS 1.2: the client shows which ciphers it supports in the ClientHello and the server will pick the one which a) is supported by the server and b) fits the type of certificate of the server (i.e. authentication RSA or ECDSA). If there is no common cipher the handshake will fail.







share|improve this answer














share|improve this answer



share|improve this answer








edited Apr 21 at 20:25

























answered Apr 21 at 15:58









Steffen UllrichSteffen Ullrich

94657




94657












  • $begingroup$
    As we know the cipher list of TLS1.3 is completely different then TlS1.2 and below version. Here my question is, if server supports tls1.2 and below version, how the cipher will be selected from the cipher list available in client hello of TLS1.3 version(where cipher list available in tls1.3 is different then tls1.2)
    $endgroup$
    – rakesh sharma
    Apr 21 at 19:08










  • $begingroup$
    @rakeshsharma This might lead to the two lists having no entries in common, hence connection failure
    $endgroup$
    – Hagen von Eitzen
    Apr 21 at 19:50










  • $begingroup$
    @rakeshsharma: If the client is only supporting TLS 1.3 or only TLS 1.3 ciphers the SSL handshake fails. If the client supports also older ciphers and TLS 1.2 and there is cipher overlap with the server then the server can pick a shared cipher, otherwise it will fail.
    $endgroup$
    – Steffen Ullrich
    Apr 21 at 20:27












  • $begingroup$
    @SteffenUllrich Thanks for your reply, Actually in one openssl Library(1.1.*), the cipher list provided by client was only having the ciphers supported in tls1.3 though client was supporting all the version(i confirmed it by checking the supported_version extension ) so i thought if this is the case then it will never work if server supports the version below tls_1.3 because of no common ciphers and will break everything. i have not observed the same in the latest openssl library(1.1.1b) , it includes all the previous ciphers in cipher list along with new ciphers.
    $endgroup$
    – rakesh sharma
    Apr 22 at 10:05


















  • $begingroup$
    As we know the cipher list of TLS1.3 is completely different then TlS1.2 and below version. Here my question is, if server supports tls1.2 and below version, how the cipher will be selected from the cipher list available in client hello of TLS1.3 version(where cipher list available in tls1.3 is different then tls1.2)
    $endgroup$
    – rakesh sharma
    Apr 21 at 19:08










  • $begingroup$
    @rakeshsharma This might lead to the two lists having no entries in common, hence connection failure
    $endgroup$
    – Hagen von Eitzen
    Apr 21 at 19:50










  • $begingroup$
    @rakeshsharma: If the client is only supporting TLS 1.3 or only TLS 1.3 ciphers the SSL handshake fails. If the client supports also older ciphers and TLS 1.2 and there is cipher overlap with the server then the server can pick a shared cipher, otherwise it will fail.
    $endgroup$
    – Steffen Ullrich
    Apr 21 at 20:27












  • $begingroup$
    @SteffenUllrich Thanks for your reply, Actually in one openssl Library(1.1.*), the cipher list provided by client was only having the ciphers supported in tls1.3 though client was supporting all the version(i confirmed it by checking the supported_version extension ) so i thought if this is the case then it will never work if server supports the version below tls_1.3 because of no common ciphers and will break everything. i have not observed the same in the latest openssl library(1.1.1b) , it includes all the previous ciphers in cipher list along with new ciphers.
    $endgroup$
    – rakesh sharma
    Apr 22 at 10:05
















$begingroup$
As we know the cipher list of TLS1.3 is completely different then TlS1.2 and below version. Here my question is, if server supports tls1.2 and below version, how the cipher will be selected from the cipher list available in client hello of TLS1.3 version(where cipher list available in tls1.3 is different then tls1.2)
$endgroup$
– rakesh sharma
Apr 21 at 19:08




$begingroup$
As we know the cipher list of TLS1.3 is completely different then TlS1.2 and below version. Here my question is, if server supports tls1.2 and below version, how the cipher will be selected from the cipher list available in client hello of TLS1.3 version(where cipher list available in tls1.3 is different then tls1.2)
$endgroup$
– rakesh sharma
Apr 21 at 19:08












$begingroup$
@rakeshsharma This might lead to the two lists having no entries in common, hence connection failure
$endgroup$
– Hagen von Eitzen
Apr 21 at 19:50




$begingroup$
@rakeshsharma This might lead to the two lists having no entries in common, hence connection failure
$endgroup$
– Hagen von Eitzen
Apr 21 at 19:50












$begingroup$
@rakeshsharma: If the client is only supporting TLS 1.3 or only TLS 1.3 ciphers the SSL handshake fails. If the client supports also older ciphers and TLS 1.2 and there is cipher overlap with the server then the server can pick a shared cipher, otherwise it will fail.
$endgroup$
– Steffen Ullrich
Apr 21 at 20:27






$begingroup$
@rakeshsharma: If the client is only supporting TLS 1.3 or only TLS 1.3 ciphers the SSL handshake fails. If the client supports also older ciphers and TLS 1.2 and there is cipher overlap with the server then the server can pick a shared cipher, otherwise it will fail.
$endgroup$
– Steffen Ullrich
Apr 21 at 20:27














$begingroup$
@SteffenUllrich Thanks for your reply, Actually in one openssl Library(1.1.*), the cipher list provided by client was only having the ciphers supported in tls1.3 though client was supporting all the version(i confirmed it by checking the supported_version extension ) so i thought if this is the case then it will never work if server supports the version below tls_1.3 because of no common ciphers and will break everything. i have not observed the same in the latest openssl library(1.1.1b) , it includes all the previous ciphers in cipher list along with new ciphers.
$endgroup$
– rakesh sharma
Apr 22 at 10:05




$begingroup$
@SteffenUllrich Thanks for your reply, Actually in one openssl Library(1.1.*), the cipher list provided by client was only having the ciphers supported in tls1.3 though client was supporting all the version(i confirmed it by checking the supported_version extension ) so i thought if this is the case then it will never work if server supports the version below tls_1.3 because of no common ciphers and will break everything. i have not observed the same in the latest openssl library(1.1.1b) , it includes all the previous ciphers in cipher list along with new ciphers.
$endgroup$
– rakesh sharma
Apr 22 at 10:05


















draft saved

draft discarded




















































Thanks for contributing an answer to Cryptography Stack Exchange!


  • Please be sure to answer the question. Provide details and share your research!

But avoid



  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.


Use MathJax to format equations. MathJax reference.


To learn more, see our tips on writing great answers.




draft saved


draft discarded














StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fcrypto.stackexchange.com%2fquestions%2f68931%2fhow-will-be-cipher-selected-when-client-is-running-on-version-tls-1-3-and-server%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown





















































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown

































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown







-

Popular posts from this blog

He _____ here since 1970 . Answer needed [closed]What does “since he was so high” mean?Meaning of “catch birds for”?How do I ensure “since” takes the meaning I want?“Who cares here” meaningWhat does “right round toward” mean?the time tense (had now been detected)What does the phrase “ring around the roses” mean here?Correct usage of “visited upon”Meaning of “foiled rail sabotage bid”It was the third time I had gone to Rome or It is the third time I had been to Rome

Image
Engineer refusing to file/disclose patents Extending the spectral theorem for bounded self adjoint operators to bounded normal operators Do varchar(max), nvarchar(max) and varbinary(max) columns affect select queries? Why is it that I can sometimes guess the next note? What linear sensor for a keyboard? Why don’t women say שלא עשני גויה and שפחה, according to Ashkenazim? Did arcade monitors have same pixel aspect ratio as TV sets? anything or something to eat Query about absorption line spectra Can I use my Chinese passport to enter China after I acquired another citizenship? Fuse symbol on toroidal transformer Create all possible words using a set or letters Does the Mind Blank spell prevent the target from being frightened? Can I sign legal documents with a smiley face? When quoting, must I also copy hyphens used to divide words that continue on the next line? Hot bath for aluminium engine block and heads Journal losing indexing services Is it possib
Read more

Bunad

Image
Tradisjonelle folkedrakter frå Aust-Telemark, truleg frå 1880-åra. Drakter som dette er grunnlaget for moderne bunadar. Foto: Axel Lindahl Bunad frå Eggedal i Buskerud fotografert i 1906. Bunad (frå kledebunad , der norrønt «búnaðr» har same rot som (føre)bu) er ei samnemning brukt om klesdrakter i tradisjonell nordisk stil — ofte utvikla frå folkedrakter, men likevel i ein eigen tradisjon. Ein bunad er typisk ei forseggjort og kostbar drakt, med mykje broderi, og med handsmidde smykke i gull eller sølv, særleg dei særeigne søljene, som obligatorisk prynad i tillegg. Bunad og bunadbruk er eit debattemne med mange ulike oppfatningar, til dømes om kva som er ein bunad, og om ein kan endra på utforminga av draktene eller ikkje. Den norske bunadrørsla går tilbake til folkedansrørsla og føregangsfolk som Hulda Garborg og Klara Semb. I dag blir bunad brukt som nasjonaldrakt. Festbunad er likestilt med galla-antrekk, og ofte nytta ved særskilde høve, som konfirmasjonar eller d
Read more

Færeyskur hestur Heimild | Tengill | Tilvísanir | LeiðsagnarvalRossið - síða um færeyska hrossið á færeyskuGott ár hjá færeyska hestinum

Image
FæreyjarHestar færeyskahjaltlandshestinumíslenski hesturinnBretlandskolanámumenskuWikipediafæreyskuWikipediaRossið - síða um færeyska hrossið á færeysku Færeyskur hestur Úr Wikipediu, frjálsa alfræðiritinu Jump to navigation Jump to search Rani og Grani. Grani í vetrarfeldi. Færeyski hesturinn (færeyska: Føroyska rossið ) er hestur sem hefur lifað í Færeyjum í hundruði ára. Hann er smágerður, 120-132 cm á hæð, og helst skyldur hjaltlandshestinum. Hlutverk hans var að draga vagna og plóg og bera klyfjar. Hann hefur fjórar gangtegundir eins og íslenski hesturinn (þar með talið tölt) og er með fjölda litaafbrigði. Nú til dags er hann notaður til frístunda. Í lok 19. aldar voru til um 800 hross. Mörg þeirra voru seld til Bretlands til að vinna í kolanámum og um 1960 voru aðeins nokkrir hestar eftir. Átak var gert í að varðveita hestinn og eru nú til 70-80 hross í Færeyjum. [1] Heimild |   Wikimedia Commons er með margmiðlunarefni sem te
Read more