[openssl-users] Any advice/recommendation for watching TLS version negotiation

Wall, Stephen swall at redcom.com
Mon Nov 28 12:52:17 UTC 2016


> From: openssl-users [mailto:openssl-users-bounces at openssl.org] On Behalf Of Ludwig, Mark
>
> A customer claims to have configured the web (app) server to only allow TLS 1.2 (by disallowing up through TLS 1.1), and says that the client code (which we know is based on OpenSSL 1.0.2j) is nevertheless connecting using TLS 1.1.  We are setting up a similar environment internally to diagnose what's happening, and I wonder if anyone has any advice on the "best" tool for "watching" the TLS version negotiation when the connection is being established.

I've typically used Wireshark for this type of thing.  If you are using RSA and have a copy of the server key, you can also examine the encrypted channel content.

-Steve Wall
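
An added example, not part of the original message: in a capture, the version a TLS 1.2-or-earlier connection actually uses is the version field of the ServerHello, while the ClientHello carries the highest version the client offers. The Python sketch below reads those fields from raw record bytes; the function names and the sample bytes are constructed for illustration.

```python
import struct

# Wire values of the protocol versions relevant to this thread.
VERSIONS = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2"}
HELLOS = {1: "ClientHello", 2: "ServerHello"}


def name(version: int) -> str:
    return VERSIONS.get(version, f"unknown (0x{version:04x})")


def hello_versions(stream: bytes):
    """Return (message, record-layer version, hello version) for each hello
    in one direction of a TCP stream. Only the first handshake message of
    each record is inspected, which is where the hello messages sit."""
    found, offset = [], 0
    while offset + 5 <= len(stream):
        ctype, rec_ver, rec_len = struct.unpack_from("!BHH", stream, offset)
        body = stream[offset + 5 : offset + 5 + rec_len]
        offset += 5 + rec_len
        # 22 = handshake record; need msg type (1) + length (3) + version (2)
        if ctype == 22 and len(body) >= 6 and body[0] in HELLOS:
            (hello_ver,) = struct.unpack_from("!H", body, 4)
            found.append((HELLOS[body[0]], name(rec_ver), name(hello_ver)))
    return found


def constructed_hello(msg_type: int, rec_ver: int, hello_ver: int) -> bytes:
    """Constructed sample: a hello cut off after an empty session_id."""
    body = struct.pack("!H", hello_ver) + bytes(32) + b"\x00"
    handshake = bytes([msg_type]) + len(body).to_bytes(3, "big") + body
    return struct.pack("!BHH", 22, rec_ver, len(handshake)) + handshake


# Constructed capture: the client offers up to TLS 1.2, the server picks TLS 1.1.
CLIENT_BYTES = constructed_hello(1, 0x0301, 0x0303)
SERVER_BYTES = constructed_hello(2, 0x0302, 0x0302)

if __name__ == "__main__":
    for row in hello_versions(CLIENT_BYTES) + hello_versions(SERVER_BYTES):
        print("%-12s record=%s hello=%s" % row)
```

A ServerHello version of TLS 1.1 in answer to a ClientHello offering TLS 1.2 means the server side chose the lower version; a ClientHello that itself offers only TLS 1.1 points at the client configuration instead.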

