Mbed forum

TLS version number in a Client Hello packet

(Alan Chen) #1

In my config.h file I only enable MBEDTLS_SSL_PROTO_TLS1_2. However, from the Wireshark capture, I see the Version field dissected in the TLS record layer still indicates TLS 1.0 (0x0301). Shall I do anything about it?

0 Likes

(Alan Chen) #2

Admin, sorry I posted on the wrong forum. It was meant to go to Mbed TLS. Can you move it for me? Thanks.

0 Likes

(Alan Chen) #3

I traced down the TLS version number. The v1.0 comes from this:

int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf,
                                 int endpoint, int transport, int preset )
{
    ...

    switch( preset )
    {
        ...

        default:
            conf->min_major_ver = MBEDTLS_SSL_MAJOR_VERSION_3;
            conf->min_minor_ver = MBEDTLS_SSL_MINOR_VERSION_1; /* TLS 1.0 */
            conf->max_major_ver = MBEDTLS_SSL_MAX_MAJOR_VERSION;
            conf->max_minor_ver = MBEDTLS_SSL_MAX_MINOR_VERSION;
    }
}

Once I changed min_minor_ver to:

conf->min_minor_ver = MBEDTLS_SSL_MINOR_VERSION_3; /* TLS 1.2 */

I am getting TLS v1.2 in Wireshark. Any problem with what I am doing?

0 Likes
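
An added example, not part of the original posts and not Mbed TLS code: a ClientHello carries two version fields, the record-layer version that the capture in the first post shows as 0x0301 and the client_version inside the handshake body, and this C parser reads both from the start of a record. The struct and function names and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* The two version fields found at the start of a TLS ClientHello record. */
typedef struct {
    uint16_t record_version;  /* version in the 5-byte record header      */
    uint16_t client_version;  /* client_version in the ClientHello body   */
} hello_versions;

/* Inspects only the first 11 bytes of a record, so a truncated capture works.
 * Returns 0 on success, -1 if buf does not start a ClientHello record. */
int parse_client_hello_versions(const uint8_t *buf, size_t len, hello_versions *out)
{
    /* 5-byte record header + 4-byte handshake header + 2-byte client_version */
    if (buf == NULL || out == NULL || len < 11)
        return -1;
    if (buf[0] != 0x16)                      /* ContentType: handshake */
        return -1;
    size_t rec_len = ((size_t)buf[3] << 8) | buf[4];
    if (rec_len < 6)                         /* room for header + version */
        return -1;
    if (buf[5] != 0x01)                      /* HandshakeType: client_hello */
        return -1;
    size_t hs_len = ((size_t)buf[6] << 16) | ((size_t)buf[7] << 8) | buf[8];
    if (hs_len < 2)                          /* body must hold client_version */
        return -1;
    out->record_version = (uint16_t)((buf[1] << 8) | buf[2]);
    out->client_version = (uint16_t)((buf[9] << 8) | buf[10]);
    return 0;
}

/* Constructed sample: first 11 bytes of a ClientHello whose record header
 * says 0x0301 (TLS 1.0) while the hello body says 0x0303 (TLS 1.2). */
static const uint8_t SAMPLE_HELLO[] = {
    0x16, 0x03, 0x01, 0x00, 0x2a,   /* record: handshake, 0x0301, length 42 */
    0x01, 0x00, 0x00, 0x26,         /* handshake: client_hello, length 38   */
    0x03, 0x03                      /* client_version 0x0303                */
};

int main(void)
{
    hello_versions v;
    if (parse_client_hello_versions(SAMPLE_HELLO, sizeof SAMPLE_HELLO, &v) != 0)
        return 1;
    printf("record layer: 0x%04x, client_version: 0x%04x\n",
           (unsigned)v.record_version, (unsigned)v.client_version);
    return 0;
}
```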