TLS Version and SSLDUMP

Question

Hi all, 
I am trying to figure out if server behind Big-IP is capable of doing TLS 1.2 Supposedly it should. 
I have taken a tcpdump of target traffic as below:
tcpdump -vvv -s 0 -nni 0.0 -w /var/tmp/www-ssl-l7_3.cap host 4O.81.38.X29 and port 7008
ssldump -nr /var/tmp/www-ssl-l7_3.cap &gt; /var/tmp/ssl_out.txt

ssldump output looks like this:
New TCP connection 1: 10.XX.17.86(30809) &lt;-&gt; 4O.81.38.X29(7008)
1 1  0.0161 (0.0161)  C&gt;S  Handshake
  ClientHello
    Version 3.3 
    cipher suites
    Unknown value 0xc02c
    Unknown value 0xc024
    Unknown value 0xc00a
    Unknown value 0xc030
    Unknown value 0xc028
    Unknown value 0xc014
    Unknown value 0xc02b
    Unknown value 0xc023
    Unknown value 0xc009
    Unknown value 0xc02f
    Unknown value 0xc027
    Unknown value 0xc013
    Unknown value 0xc008
    Unknown value 0xc012
    Unknown value 0xc007
    Unknown value 0xc011
    Unknown value 0x9f
    Unknown value 0xa3
    TLS_DHE_RSA_WITH_AES_256_CBC_SHA
    TLS_DHE_DSS_WITH_AES_256_CBC_SHA
    Unknown value 0x9d
    TLS_RSA_WITH_AES_256_CBC_SHA
    Unknown value 0x9e
    Unknown value 0xa2
    TLS_DHE_RSA_WITH_AES_128_CBC_SHA
    TLS_DHE_DSS_WITH_AES_128_CBC_SHA
    Unknown value 0x9c
    TLS_RSA_WITH_AES_128_CBC_SHA
    TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
    TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
    TLS_RSA_WITH_3DES_EDE_CBC_SHA
    TLS_RSA_WITH_RC4_128_SHA
    TLS_RSA_WITH_RC4_128_MD5
    Unknown value 0xff
    compression methods
              NULL
              1 2  0.0297 (0.0136)  S&gt;C  Handshake
  ServerHello
    Version 3.3 
    session_id[32]=
      57 ca a1 8d 7b 9e 64 80 df b3 28 3a 82 06 ad 29 
      ba f3 e6 a5 bf e7 bb a9 24 64 32 5c 93 d6 3d 78 
    cipherSuite         Unknown value 0x9d
    compressionMethod                   NULL
            1 3  0.0390 (0.0092)  S&gt;C  Handshake
                  Certificate
                  1 4  0.0390 (0.0000)  S&gt;C  Handshake
  ServerHelloDone
  1 5  0.0973 (0.0583)  C&gt;S  Handshake
  ClientKeyExchange
  1 6  0.0973 (0.0000)  C&gt;S  ChangeCipherSpec
  1 7  0.0973 (0.0000)  C&gt;S  Handshake
  1 8  0.1112 (0.0138)  S&gt;C  ChangeCipherSpec
  1 9  0.1122 (0.0010)  S&gt;C  Handshake
  1 10 0.1150 (0.0028)  C&gt;S  application_data
  1 11 0.1281 (0.0131)  S&gt;C  application_data
  1    0.1282 (0.0000)  S&gt;C  TCP FIN
  1 12 9.5960 (9.4678)  C&gt;S  Alert
  1    9.5982 (0.0022)  C&gt;S  TCP FIN

Is there a way to read TLS version the client is offering in client Hello?
Thanks.

nathe · Answer

alex100,&nbsp;
The TLS version can be retrieved from the Version line in client and server hellos. Version 3.3 means TLS 1.2. So looks like both client and server agreed upon TLS 1.2.&nbsp;
Version 3.0 is SSLv3, 3.1 is TLS1.0, 3.2 is TLS 1.1&nbsp;
Hope this helps,&nbsp;
N&nbsp;

Forum Discussion

TLS Version and SSLDUMP

Recent Discussions

Background Tasks

APM with EntraID as idP / request signed

Should config via cli rather than gui?

APM Modern Customization - modify Header in user-common.js and form in user-logon.js

Which process is consuming higher CPU

Related Content

CLIENT_HELLO SSL TLS version insert

TMOS script for updating SSL profile cipher group and TLS versions

How to change TLS version 1.0 settings to version 1.2 or 1.3 in F5 DDoS product

F5 CIS, TLS Extensions, and troubleshooting

TLS 1.2 for ssldump data decrypt revisited

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS