컬이 "Client Hello"에 TLSv1.3을 표시하지만 tshark가 "TLSv1"을 표시하는 이유는 무엇입니까?

컬이 "Client Hello"에 TLSv1.3을 표시하지만 tshark가 "TLSv1"을 표시하는 이유는 무엇입니까?

컬에 대한 출력 지침입니다 TLSv1.3 (OUT), TLS handshake, Client hello (1). --tlsv1.3강제로 사용하려면 다음을 사용하세요 TLSv1.3.

$ curl -6 --tlsv1.3  --tls13-ciphers TLS_AES_256_GCM_SHA384 -vL https://icanhazip.com
*   Trying 2606:4700::6812:7261:443...
* TCP_NODELAY set
* Connected to icanhazip.com (2606:4700::6812:7261) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* TLS 1.3 cipher selection: TLS_AES_256_GCM_SHA384
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use h2
* Server certificate:
*  subject: C=US; ST=California; L=San Francisco; O=Cloudflare, Inc.; CN=sni.cloudflaressl.com
*  start date: Apr  7 00:00:00 2023 GMT
*  expire date: Apr  6 23:59:59 2024 GMT
*  subjectAltName: host "icanhazip.com" matched cert's "icanhazip.com"
*  issuer: C=US; O=Cloudflare, Inc.; CN=Cloudflare Inc ECC CA-3
*  SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x55eab1370300)
> GET / HTTP/2
> Host: icanhazip.com
> user-agent: curl/7.68.0
> accept: */*
> 
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
* Connection state changed (MAX_CONCURRENT_STREAMS == 100)!
< HTTP/2 200 
< date: Tue, 19 Sep 2023 15:25:06 GMT
< content-type: text/plain
< content-length: 39
< access-control-allow-origin: *
< access-control-allow-methods: GET
< set-cookie: ...; path=/; expires=Tue, 19-Sep-23 15:55:06 GMT; domain=.icanhazip.com; HttpOnly; Secure; SameSite=None
< server: cloudflare
< cf-ray: ...
< alt-svc: h3=":443"; ma=86400
< 
2001:...
* Connection #0 to host icanhazip.com left intact
$

그러나 tshark를 사용하여 패킷을 검사하면 초기 "Client Hello"가 "TLSv1"로 표시됩니다. 후속 레코드에는 TLSv1.3이 표시됩니다.

$ tshark -i wlo1 -Y "tls"
Capturing on 'wlo1'
    6 0.104130915 <my IPv6 IP> → 2606:4700::6812:7261 TLSv1 341 Client Hello
    8 0.155371691 2606:4700::6812:7261 → <my IPv6 IP> TLSv1.3 2726 Server Hello, Change Cipher Spec, Application Data
   10 0.155931670 <my IPv6 IP> → 2606:4700::6812:7261 TLSv1.3 166 Change Cipher Spec, Application Data
   11 0.156028365 <my IPv6 IP> → 2606:4700::6812:7261 TLSv1.3 181 Application Data, Application Data
   12 0.156320000 <my IPv6 IP> → 2606:4700::6812:7261 TLSv1.3 181 Application Data, Application Data
   15 0.204002604 2606:4700::6812:7261 → <my IPv6 IP> TLSv1.3 655 Application Data, Application Data
   16 0.204002660 2606:4700::6812:7261 → <my IPv6 IP> TLSv1.3 439 Application Data
   17 0.204181004 <my IPv6 IP> → 2606:4700::6812:7261 TLSv1.3 117 Application Data
   18 0.204188232 2606:4700::6812:7261 → <my IPv6 IP> TLSv1.3 156 Application Data
   19 0.204188303 2606:4700::6812:7261 → <my IPv6 IP> TLSv1.3 117 Application Data
   21 0.204599136 <my IPv6 IP> → 2606:4700::6812:7261 TLSv1.3 110 Application Data
^C11 packets captured

두 출력 사이에 차이가 있는 이유는 무엇입니까?

내 초기 문제는 curl --tlsv1.3. 그러나 그렇지 않은 경우 --tlsv1.3컬의 출력이 표시되더라도 HTTP 403 응답을 받습니다 TLSv1.3. 먼저 이 차이점을 이해해야 합니다.

관련 정보