[openssl-users] Any advice/recommendation for watching TLS version negotiation

Wall, Stephen swall at redcom.com
Mon Nov 28 12:52:17 UTC 2016

> From: openssl-users [mailto:openssl-users-bounces at openssl.org] On
> Behalf Of Ludwig, Mark
> A customer claims to have configured the web (app) server to only allow
> TLS 1.2
> (by disallowing up through TLS 1.1), and says that the client code
> (which we
> know is based on OpenSSL 1.0.2j) is nevertheless connecting using TLS
> 1.1.  We
> are setting up a similar environment internally to diagnose what's
> happening,
> and I wonder if anyone has any advice on the "best" tool for "watching"
> the TLS
> version negotiation when the connection is being established.

I've typically used Wireshark for this type of thing.  If you are using RSA and have a copy of the server key, you can also examine the encrypted channel content.

-Steve Wall

More information about the openssl-users mailing list