HTTPS Tls 1.2 supported version extension

Question

Hello.
I have to ask you a little annoying question.
I am using Rebex Https (R6.0).
We set it to TLS 1.2 and connect with Synology DSM (7.01) WebDAV server.
ProtocolVersion error occurs when set to "Modern Compatibility" in Synology's security settings.
Connection works fine with TLS 1.3.
This is considered normal processing.
However, if you try using curl, you can set it to TLS 1.2.

From curl's request, it seems to be setting Extension: supported_versions.
So it seems to work well by receiving the supported version during Server Hello.

However, Rebex TLS 1.2 does not set Extension: supported_versions.
Can I set this up so that it connects over TLS 1.3?

The goal is TLS 1.2 by default, but I want to automatically connect to TLS 1.3 if TLS 1.2 is not supported.

Thank you.
Best Regards.

BooKyung Oh.
OpenBoxLab Inc.

Comments

This problem is the same with FTPS.

---

I used google translate and it looks a little weird.

Like curl, it starts with TLS 1.2, but if the server only supports TLS 1.3, I want to finally connect with TLS 1.3.

Currently, I try to reconnect with TLS 1.3 when a ProtocolVersion error occurs.

Answer 1

Update: Please disregard the response below. It seems that the TLS 1.3 RFC does actually make it possible for the client to announce support for both TLS 1.3 and 1.2, but with a preference of TLS 1.2. We will look into this next month!

---

If both the client and the server announce TLS 1.3 support, the connection is going to use TLS 1.3. This is an essential part of the TLS protocol because it prevents attacks based on protocol downgrade. The only way to enforce TLS 1.2 is to disable TLS 1.3 at the client or server side.

However, if you are unable to connect with a Rebex client (configured to only allow TLS 1.2) to a Synology server (configured to allow both TLS 1.2 and 1.3), something is obviously wrong somewhere. But this should not be cause by the lack of supported_version on Rebex ClientHello. If it was, that would indicate the server is not compliant with TLS 1.3 specification, which says:

If this extension is not present, servers which are compliant with this specification and which also support TLS 1.2 MUST negotiate TLS 1.2 or prior as specified in [RFC5246], even if ClientHello.legacyversion is 0x0304 or later. Servers MAY abort the handshake upon receiving a ClientHello with legacyversion 0x0304 or later.

Comments

Thanks for the reply.
The reason we are concerned about this is the higher CPU usage than expected when using TLS 1.3.
This is because, in some cases, when using a CPU with low performance, we have seen that it uses more than 50% of the CPU.

We connect TLS 1.2 by default, and hope to automatically upgrade to TLS 1.3 when the server returns only TLS 1.3 in "supported version".

We are waiting for the good news.

Wishing you a healthy and happy end of the year.

---

Happy new year to you as well! We will contact you in January when this feature is ready for testing.

Answer 2

Hi lanopk,
as my colleague Lukas promised in the previous answer, I have sent the experimental build to your email address.