[openssl-users] Any advice/recommendation for watching TLS version negotiation

Ludwig, Mark ludwig.mark at siemens.com
Wed Nov 23 20:00:00 UTC 2016


Greetings,

We have embedded OpenSSL 1.0.2j in our application in order to securely
communicate with a Java Servlet engine (such as Tomcat).  Our application uses
SSLv23_method(), so I expect it to negotiate up through TLS 1.2 (right?).
	
A customer claims to have configured the web (app) server to only allow TLS 1.2
(by disallowing up through TLS 1.1), and says that the client code (which we
know is based on OpenSSL 1.0.2j) is nevertheless connecting using TLS 1.1.  We
are setting up a similar environment internally to diagnose what's happening,
and I wonder if anyone has any advice on the "best" tool for "watching" the TLS
version negotiation when the connection is being established.

The client environment is Solaris 10.  I'm obtaining the necessary privileges
to use the snoop command.  Does anyone have any do's or don'ts for using snoop?

Thanks in advance!

Mark Ludwig

Siemens Product Lifecycle Management Software Inc.
Communications and Government Affairs
Product Lifecycle Management
Lifecycle Coll
5939 Rice Creek Parkway
Shoreview, MN  55126 United States 
Tel.      :+1 (651) 855-6140
Fax      :+1 (651) 855-6280
ludwig.mark at siemens.com 
www.siemens.com/plm 
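
One way to read the versions out of the first bytes of each side's handshake record once a capture (for example from snoop) is available, as an added example that is not part of the original post and is not OpenSSL code. In TLS up to 1.2 the version the server selected is the server_version field of the ServerHello, while the ClientHello record header may carry a lower version than the client_version it offers. The byte arrays are constructed samples, and `hello_info`, `parse_hello` and `tls_version_name` are hypothetical names.

```c
#include <stddef.h>
#include <stdio.h>
/* Constructed samples (not from a real capture), truncated after the version field. */
const unsigned char sample_client_hello[] = {
    0x16, 0x03, 0x01, 0x00, 0x2f,   /* record: handshake, version 0x0301, length */
    0x01, 0x00, 0x00, 0x2b,         /* handshake: ClientHello, length */
    0x03, 0x03 };                   /* client_version: highest offered = TLS 1.2 */
const unsigned char sample_server_hello[] = {
    0x16, 0x03, 0x02, 0x00, 0x31,   /* record: handshake, version 0x0302, length */
    0x02, 0x00, 0x00, 0x2d,         /* handshake: ServerHello, length */
    0x03, 0x02 };                   /* server_version: chosen = TLS 1.1 */
struct hello_info {
    int msg_type;         /* 1 = ClientHello, 2 = ServerHello */
    unsigned record_ver;  /* version in the record header */
    unsigned hello_ver;   /* client_version (offered) or server_version (chosen) */
};

const char *tls_version_name(unsigned v)
{
    switch (v) {
    case 0x0300: return "SSLv3";
    case 0x0301: return "TLSv1.0";
    case 0x0302: return "TLSv1.1";
    case 0x0303: return "TLSv1.2";
    default:     return "unknown";
    }
}

/* Needs 5-byte record header + 4-byte handshake header + 2-byte version; 0 on success. */
int parse_hello(const unsigned char *buf, size_t len, struct hello_info *out)
{
    if (buf == NULL || out == NULL || len < 11) return -1;
    if (buf[0] != 0x16) return -1;               /* not a handshake record */
    if (buf[5] != 1 && buf[5] != 2) return -1;   /* not Client/ServerHello */
    out->msg_type = buf[5];
    out->record_ver = ((unsigned)buf[1] << 8) | buf[2];
    out->hello_ver = ((unsigned)buf[9] << 8) | buf[10];
    return 0;
}

int main(void)
{
    struct hello_info c, s;
    if (parse_hello(sample_client_hello, sizeof sample_client_hello, &c) == 0 &&
        parse_hello(sample_server_hello, sizeof sample_server_hello, &s) == 0)
        printf("offered up to %s (record %s), server chose %s\n", tls_version_name(c.hello_ver),
               tls_version_name(c.record_ver), tls_version_name(s.hello_ver));
    return 0;
}
```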


