Burp Suite User Forum

TLSv1.3 not accepted by server preferences

Bejal | Last updated: Jul 26, 2019 03:44PM UTC

Hiya I'm trying to route traffic from an app on my android through the Burp proxy. I've set up the proxy/installed the burp certificate so that traffic can come through just fine from Chrome on my phone - however when I try run other requests on the app I get this message in the Event Log `the client supported protocol versions [TLSv1.3, (D)TLS--5.26] are not accepted by server preferences [TLS12, TLS11, TLS10, SSL30, SSL20Hello]` For context, i've checked `select all` on Project Options > SSL Protocols and SSL Ciphers. I've also run the .jar version of burp with the latest JDK release. I'm also quite new to Burp, so I feel like I might be missing some configuration here? Any help or resources is appreciated! :)

Liam, PortSwigger Agent | Last updated: Jul 29, 2019 07:55AM UTC

Have you tried using the "Use custom protocols and ciphers" setting and only using TLSv1.3?

Burp User | Last updated: Jul 30, 2019 11:41AM UTC

Hi Liam, yes I have tried to do that. I've tried checking all of the options and then only checking TLSv1.3 but still to no avail

Liam, PortSwigger Agent | Last updated: Jul 31, 2019 11:04AM UTC

Is the application publicly accessible? If so, we'd like to do some testing to find a solution.

Burp User | Last updated: Aug 23, 2019 10:15PM UTC

Same problem Why does not Burp suppor TLS 1.3?

Liam, PortSwigger Agent | Last updated: Aug 28, 2019 07:13AM UTC

Anton, is the application you are having issues with publicly accessible? If so, we'd like to do some testing to find a solution.

Burp User | Last updated: Aug 30, 2019 02:20PM UTC

I tested the latest facebook android app, with the same error. Even after the so patch done.

Burp User | Last updated: Aug 31, 2019 02:39AM UTC

Is it related to this? https://support.portswigger.net/customer/portal/questions/17566283-enable-tlsv1-3-support

Liam, PortSwigger Agent | Last updated: Sep 02, 2019 01:38PM UTC

Are you able to see TLS 1.3 in the “custom protocols and ciphers”?

Liam, PortSwigger Agent | Last updated: Sep 03, 2019 03:00PM UTC

We are currently working on a solution to this issue. We hope to have something to share during this quarter.

Burp User | Last updated: Oct 22, 2019 03:50PM UTC

Im also facing this issue cant read from facbook app in iOS it says The client supported protocol versions [TLSv1.3, (D)TLS--5.26] are not accepted by server preferences Im able to see TLS 1.3 in the “custom protocols and ciphers” and its enabled

Burp User | Last updated: Nov 06, 2019 09:34PM UTC

any news on this issue?

Michelle, PortSwigger Agent | Last updated: Nov 07, 2019 07:56AM UTC

There are no new updates yet, but we do still hope to have something to share during this quarter.

Burp User | Last updated: Dec 11, 2019 09:10AM UTC

I can confirm that this issue still exists in the latest version (Burp v2.1.04). If possible, I hope you can prioritize this becauselots of apps use TLS 1.3 to negotiate with the server, and Burp right now cannot do anything of that.

Mike, PortSwigger Agent | Last updated: Dec 11, 2019 09:11AM UTC

The latest version of Burp Suite Professional is 2.1.06 unless your using Community? The next version of Burp Suite will contain improvements to our SSL/TLS handshake process, so once that has been released you may find that it resolves your issue.

Burp User | Last updated: Jan 02, 2020 08:04PM UTC

This still happens on Burp Suite Community v.2.1.07 I have tried the protocols and ciphers supported/default by the Java Installation (11.0.5) and custom protocols and ciphers. There was always the same error: The client failed to negotiate a TLS connection to i.instagram.com:443: The client supported protocol versions [TLSv1.3, (D)TLS--5.26] are not accepted by server preferences [TLS12, TLS11, TLS10, SSL30, SSL20Hello]

Hannah, PortSwigger Agent | Last updated: Jan 03, 2020 09:23AM UTC

Hi Nerix. Are you able to intercept traffic from other apps? Or is it just Instagram that you are having trouble with?

Burp User | Last updated: Jan 15, 2020 08:50AM UTC

Hi Hannah, I facing the same issue, and it happened to another apps as well (eg zenly), but some apps are interceptable (eg gojek, grab, etc)

Ben, PortSwigger Agent | Last updated: Jan 16, 2020 10:18AM UTC

Hi Adib, Are you facing this issue whilst using a mobile device? If so, can you provide some details of what device you are using (including operating system version) alongside the sites you are having issues with?

Burp User | Last updated: Jan 23, 2020 09:30AM UTC

I am using curl with following commandline, same issue appears. $ curl -v https://www.google.com/ --http2 -x localhost:8080 --tlsv1.3 Burp Community v2.1.07 the client supported protocol versions [TLSv1.3] are not accepted by server preferences [TLS12, TLS11, TLS10, SSL30, SSL20Hello]

Hannah, PortSwigger Agent | Last updated: Jan 23, 2020 03:13PM UTC

TLS 1.3 has been disabled by default in Burp. This is due to the problems connecting that older Java versions have. After testing, we've determined that TLS1.3 will work with Java13. Packaging Burp with Java13 is something that we are actively working on, and hope to release soon. In the meantime, a suggested workaround would be to proxy your traffic through another tool to downgrade it to 1.2 before it reaches Burp. It appears that Fiddler has support for TLS1.3.

Burp User | Last updated: Jan 23, 2020 03:27PM UTC

Nerix Bona Please, use Burp Suite v1.7.36 JAR version. Tested on Android 8.0 - API 26, Facebook and Instagram working fine

Nerix | Last updated: Feb 29, 2020 10:04PM UTC

> Please, use Burp Suite v1.7.36 JAR version. I used Version 1, it's working fine. But I'm interested in some features introduced in newer versions.

Ben, PortSwigger Agent | Last updated: Mar 02, 2020 08:39AM UTC

Hi Nerix, Have you followed the advice that Hannah provided above?

Nerix | Last updated: Mar 26, 2020 04:03PM UTC

> Have you followed the advice that Hannah provided above? Using Java 13 with the latest Burp version still didn't work.

Hannah, PortSwigger Agent | Last updated: Mar 27, 2020 08:27AM UTC

Hi Nerix TLS 1.3 is currently disabled by default in Burp, so regardless of the Java version you are using it will still be unable to connect. We should have support for TLS1.3 soon, it's a feature we are currently working on. Have you tried proxying your traffic through another tool to downgrade it to 1.2 before it reaches Burp? It appears that Fiddler has support for TLS1.3.

You need to Log in to post a reply. Or register here, for free.