I am inspecting TLS client hello for a simple connection using Chrome Version 85.0.4183.83 (Official Build) (64-bit). There is unexpected version labeled as "unknown" with a strange code number. I know of TLS versions and their numbers are noted in the standard. I looked at the strange version number and could not figure it out. Can anyone help me identify what is this unknown version number for? Does Chrome do this for any purpose?
This is the version:
Supported Version: Unknown (0x3a3a)
See this screenshot: https://i.imgur.com/NT70mRg.png
This is part of TLS "Grease", where the TLS client sends non-existing cipher suites, supported version, TLS extensions etc to make sure that implementations of TLS stacks do not rely too much on a specific implementation they've seen on the wire.
In the past implementations often did not actually implement the standards but instead made assumptions based on what was used in the real world. This caused these implementations to fail with newer TLS versions, new ciphers etc. This then made it necessary to work around such broken TLS stacks with things like TLS downgrading which caused its own problems.
In order to clean up this mess and enforce a more robust behavior in TLS stacks some TLS implementation (like BoringSSL in Chrome) add random stuff as defined in RFC 8701.
Thanks. I am aware of this trick by Chrome in the ciphersuites only. But have never read anything about it in the TLS version.
@seq: Actually I wasn't aware of it too until now. But since it looked like the same mechanism I just looked into the RFC and found supported_version also covered.