> From: openssl-users [mailto:openssl-users-bounces@xxxxxxxxxxx] On > Behalf Of Ludwig, Mark > > A customer claims to have configured the web (app) server to only allow > TLS 1.2 > (by disallowing up through TLS 1.1), and says that the client code > (which we > know is based on OpenSSL 1.0.2j) is nevertheless connecting using TLS > 1.1. We > are setting up a similar environment internally to diagnose what's > happening, > and I wonder if anyone has any advice on the "best" tool for "watching" > the TLS > version negotiation when the connection is being established. I've typically used Wireshark for this type of thing. If you are using RSA and have a copy of the server key, you can also examine the encrypted channel content. -Steve Wall -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
