How can you identify the TLS protocol version negotiated in a handshake?


Multiple Choice

How can you identify the TLS protocol version negotiated in a handshake?

Explanation:
The version that will be used is determined during the TLS handshake and is communicated in the handshake messages. The client proposes which versions it supports in the ClientHello, and the server selects one and replies with a ServerHello using that version. Wireshark surfaces this as the negotiated protocol version shown in the handshake, such as TLS 1.2 or TLS 1.3. In TLS 1.3, the final choice is also conveyed via the supported_versions mechanism, while the legacy record-layer version fields are kept for compatibility and aren’t always indicative of the actual negotiated version. So, inspecting the ClientHello and ServerHello and reading the negotiated version shown in the handshake is the reliable way to identify the protocol version that was agreed upon.

