[stunnel-users] Why the version of Client Hello is always TLS 1.0 ?

13 Jan 2021


      Hi, 
Why the TLS version is always 1.0 ? Please help to check.
Frame 11: 1721 bytes on wire (13768 bits), 1721 bytes captured (13768 bits)
Ethernet II, Src: fa:16:3e:53:dc:2f (fa:16:3e:53:dc:2f), Dst: IETF-VRRP-VRID_02 (00:00:5e:00:01:02)
Internet Protocol Version 4, Src: 10.160.8.11, Dst: 10.160.130.34
Transmission Control Protocol, Src Port: 50692, Dst Port: 9002, Seq: 1, Ack: 1, Len: 1655
Transport Layer Security
    TLSv1 Record Layer: Handshake Protocol: Client Hello
        Content Type: Handshake (22)
        Version: TLS 1.0 (0x0301)
        Length: 1650
        Handshake Protocol: Client Hello
            Handshake Type: Client Hello (1)
            Length: 1646
            Version: TLS 1.2 (0x0303)
            Random: fd7cbf2da8172c362ebd3120b2dcd3886f3015eabfb5f167…
            Session ID Length: 32
            Session ID: 4ea202f00bd35c102c97e8621f68e33dd59ad8ee95a58a2f…
            Cipher Suites Length: 170
            Cipher Suites (85 suites)
            Compression Methods Length: 1
            Compression Methods (1 method)
            Extensions Length: 1403
            Extension: server_name (len=18)
            Extension: ec_point_formats (len=4)
            Extension: supported_groups (len=28)
            Extension: session_ticket (len=1296)
            Extension: signature_algorithms (len=32)
            Extension: heartbeat (len=1)
Following are the config file:
;**************************************************************************
; * Global options                                                         *
; **************************************************************************
; It is recommended to drop root privileges if stunnel is started by root
;setuid = stunnel4
;setgid = stunnel4
; PID file is created inside the chroot jail (if enabled)
pid = /home/stunnelnew.pid
; Debugging stuff (may be useful for troubleshooting)
;foreground = yes
;debug = info
debug = debug 
output = /home/log/stunnelnew.log
;options = NO_SSLv2
;options = NO_SSLv3
;options = NO_TLSv1
;options = NO_TLSv1.1
;sslVersionMax = TLSv1.2
;sslVersionMin = TLSv1.2
; **************************************************************************
; * Service definitions (remove all services for inetd mode)               *
; **************************************************************************
[xxxxxxxxxxxx]
;socket = a:SO_REUSEADDR=no
retry = yes
;options = NO_SSLv2
;options = NO_SSLv3
;options = NO_TLSv1
;options = NO_TLSv1.1
sslVersion = TLSv1.2
;socket = l:SO_LINGER=1:13
;sslVersionMin = TLSv1.2
cert = /home/x/ssltest/x/server.cer
key = /home/x/ssltest/x/server_key.pem
CAfile = /home/x/ssltest/x/trust.cer
client = yes
accept = 31115 
connect = 10.160.1.11:9113
liuyongjiao@synqnc.com

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

[stunnel-users] Why the version of Client Hello is always TLS 1.0 ?