3

How will be cipher selected when a client is running on version TLS 1.3 and server is running on TLS 1.2?

The cipher list provided by TLS 1.3 client will be different than the version supported on the TLS 1.2 server.

Maarten Bodewes
  • 92,551
  • 13
  • 161
  • 313
rakesh sharma
  • 91
  • 2

1 Answers1

4

If the client is only supporting TLS 1.3 or only TLS 1.3 ciphers the SSL handshake will fail. Otherwise the cipher will be selected as it is usually done with TLS 1.2: the client shows which ciphers it supports in the ClientHello and the server will pick the one which a) is supported by the server and b) fits the type of certificate of the server (i.e. authentication RSA or ECDSA). If there is no common cipher the handshake will fail.

Steffen Ullrich
  • 1,558
  • 9
  • 11
  • As we know the cipher list of TLS1.3 is completely different then TlS1.2 and below version. Here my question is, if server supports tls1.2 and below version, how the cipher will be selected from the cipher list available in client hello of TLS1.3 version(where cipher list available in tls1.3 is different then tls1.2) – rakesh sharma Apr 21 '19 at 19:08
  • @rakeshsharma This might lead to the two lists having no entries in common, hence connection failure – Hagen von Eitzen Apr 21 '19 at 19:50
  • @rakeshsharma: If the client is only supporting TLS 1.3 or only TLS 1.3 ciphers the SSL handshake fails. If the client supports also older ciphers and TLS 1.2 and there is cipher overlap with the server then the server can pick a shared cipher, otherwise it will fail. – Steffen Ullrich Apr 21 '19 at 20:27
  • 1
    @SteffenUllrich Thanks for your reply, Actually in one openssl Library(1.1.*), the cipher list provided by client was only having the ciphers supported in tls1.3 though client was supporting all the version(i confirmed it by checking the supported_version extension ) so i thought if this is the case then it will never work if server supports the version below tls_1.3 because of no common ciphers and will break everything. i have not observed the same in the latest openssl library(1.1.1b) , it includes all the previous ciphers in cipher list along with new ciphers. – rakesh sharma Apr 22 '19 at 10:05