I cannot connect to my ladydebug.com site from my old Ubuntu 12.0 virtual machine. Instead of blog content the Firefox shows ssl_error_protocol_version_alert error. It means that browser does not support TLS protocol version that server requires. According to ssllabs.com ladydebug.com supports only TLS 1.2 and TLS 1.3 protocols. But Firefox browser users only SSL 3.0 and TLS 1.0 which are considered as vulnerable now.
Now how it looks in Wireshark. I send https GET request to ladydebug.com using curl and restricted maximum TLS version to 1.0:
|
# curl –tls-max 1.1 https://ladydebug.com curl: (35) error:1400442E:SSL routines:CONNECT_CR_SRVR_HELLO:tlsv1 alert protocol version |
Instead of html download curl presents connection error.
Client – server negotiation in Wireshark (Click on image to enlarge):
curl sends “Client Hello” to ladydebug.com server with TLS parameters including TLS supported version 1.0. The server responds with acknowledge and then sends fatal alert because it cannot communicate using TLS 1.0 and finally drops the connection.