ssl_error_protocol_version_alert in Wireshark or weak security protocol on the client side

By | October 15, 2021

I cannot connect to my site from my old Ubuntu 12.0 virtual machine. Instead of blog content the Firefox shows ssl_error_protocol_version_alert error. It means that browser does not support TLS protocol version that server requires. According to supports only TLS 1.2 and TLS 1.3 protocols. But Firefox browser users only SSL 3.0 and TLS 1.0 which are considered as vulnerable now.
Old browser

Supported security protocols

Now how it looks in Wireshark. I send https GET request to using curl and restricted maximum TLS version to 1.0:

# curl –tls-max 1.1
curl: (35) error:1400442E:SSL routines:CONNECT_CR_SRVR_HELLO:tlsv1 alert protocol version

Instead of html download curl presents connection error.

Client – server negotiation in Wireshark (Click on image to enlarge):

Wireshark fatal alert

curl sends “Client Hello” to server with TLS parameters including TLS supported version 1.0. The server responds with acknowledge and then sends fatal alert because it cannot communicate using TLS 1.0 and finally drops the connection.

Leave a Reply

Your email address will not be published. Required fields are marked *