TLS 1.3 doesn't work on Windows 11 through SChannel API [TLS]

Ajaykumar Jaiswal 6 Reputation points
2023-06-26T08:34:27.0833333+00:00

Hi There,

We are trying to implement TLS 1.3 using SChannel support in our application.

Sharing below the client handshake Wireshark trace:

Transport Layer Security
    TLSv1.3 Record Layer: Handshake Protocol: Client Hello
        Content Type: Handshake (22)
        Version: TLS 1.0 (0x0301)
        Length: 237
        Handshake Protocol: Client Hello
            Handshake Type: Client Hello (1)
            .......
            Extensions Length: 120
            Extension: supported_versions (len=9)
                Type: supported_versions (43)
                Length: 9
                Supported Versions length: 8
                Supported Version: TLS 1.3 (0x0304)
                Supported Version: TLS 1.2 (0x0303)
                Supported Version: TLS 1.1 (0x0302)
                Supported Version: TLS 1.0 (0x0301)

Server hello:

Transport Layer Security
    TLSv1.3 Record Layer: Handshake Protocol: Server Hello
        Content Type: Handshake (22)
        Version: TLS 1.2 (0x0303)
        Length: 122
        Handshake Protocol: Server Hello
            Handshake Type: Server Hello (2)
            ....
            Cipher Suite: TLS_AES_256_GCM_SHA384 (0x1302)
			...
            Extension: supported_versions (len=2)
                Type: supported_versions (43)
                Length: 2
                Supported Version: TLS 1.3 (0x0304)
			....
    TLSv1.3 Record Layer: Change Cipher Spec Protocol: Change Cipher Spec

After a few communications, it gets reset here, see below:

Transmission Control Protocol, Src Port: 57073, Dst Port: 992, Seq: 348, Ack: 2655, Len: 0
    Source Port: 57073
    Destination Port: 992
    [Stream index: 56]
    [Conversation completeness: Complete, WITH_DATA (63)]
    [TCP Segment Len: 0]
    Sequence Number: 348    (relative sequence number)
    Sequence Number (raw): 2237408118
    [Next Sequence Number: 348    (relative sequence number)]
    Acknowledgment Number: 2655    (relative ack number)
    Acknowledgment number (raw): 1288903016
    0101 .... = Header Length: 20 bytes (5)
    Flags: 0x014 (RST, ACK)
        000. .... .... = Reserved: Not set
        ...0 .... .... = Nonce: Not set
        .... 0... .... = Congestion Window Reduced (CWR): Not set
        .... .0.. .... = ECN-Echo: Not set
        .... ..0. .... = Urgent: Not set
        .... ...1 .... = Acknowledgment: Set
        .... .... 0... = Push: Not set
        .... .... .1.. = Reset: Set
        .... .... ..0. = Syn: Not set
        .... .... ...0 = Fin: Not set
        [TCP Flags: ·······A·R··]
    Window: 0

Can you please help me understand why this reset happened? Is this some issue with the Microsoft API not supporting TLS 1.3, or is something wrong on my side?

Image attached

Please advise.

Thank you. Regards, Ajay
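
How the two supported_versions extensions in the traces above determine the protocol version, as an added example that is not part of the original post and does not use SChannel. The byte arrays are constructed from the field values Wireshark shows, the function names are hypothetical, and the ServerHello legacy_version of 0x0303 is an assumption because the trace elides that field.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define EXT_SUPPORTED_VERSIONS 43

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* ClientHello form: type(2) len(2) list_len(1) versions(2 each).
 * Returns 1 if `want` is offered, 0 if not, -1 if the extension is malformed. */
int client_offers(const uint8_t *ext, size_t n, uint16_t want) {
    if (n < 7 || be16(ext) != EXT_SUPPORTED_VERSIONS) return -1;
    size_t ext_len = be16(ext + 2), list_len = ext[4];
    if (ext_len + 4 != n || list_len + 1 != ext_len || list_len % 2) return -1;
    for (size_t i = 5; i < n; i += 2)
        if (be16(ext + i) == want) return 1;
    return 0;
}

/* ServerHello form: type(2) len(2) selected_version(2).
 * Returns the negotiated version per RFC 8446 section 4.2.1: the extension
 * value when present (legacy_version is then ignored), legacy_version when the
 * extension is absent (srv == NULL), or 0 when the client must abort. */
uint16_t negotiated_version(uint16_t legacy_version,
                            const uint8_t *srv, size_t srv_n,
                            const uint8_t *cli, size_t cli_n) {
    if (srv == NULL) return legacy_version;          /* TLS 1.2 or earlier */
    if (srv_n != 6 || be16(srv) != EXT_SUPPORTED_VERSIONS || be16(srv + 2) != 2)
        return 0;
    uint16_t selected = be16(srv + 4);
    if (selected < 0x0304) return 0;                 /* pre-1.3 value is illegal here */
    if (client_offers(cli, cli_n, selected) != 1) return 0; /* never offered */
    return selected;
}

/* Constructed from the Client Hello and Server Hello fields in the traces. */
static const uint8_t CLIENT_EXT[] = {0x00, 0x2b, 0x00, 0x09, 0x08,
                                     0x03, 0x04, 0x03, 0x03, 0x03, 0x02, 0x03, 0x01};
static const uint8_t SERVER_EXT[] = {0x00, 0x2b, 0x00, 0x02, 0x03, 0x04};

int main(void) {
    /* 0x0303 is the assumed ServerHello legacy_version (elided in the trace). */
    uint16_t v = negotiated_version(0x0303, SERVER_EXT, sizeof SERVER_EXT,
                                    CLIENT_EXT, sizeof CLIENT_EXT);
    printf("negotiated version: 0x%04x\n", v);
    return v == 0x0304 ? 0 : 1;
}
```

The record-layer versions in the traces (0x0301 and 0x0303) are legacy fields and play no part in this result.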


1 answer

  1. Ajaykumar Jaiswal 6 Reputation points
    2023-06-26T08:41:56.52+00:00

    TLS1.3Support1
