> From: Wall, Stephen, Monday, November 28, 2016 6:52 AM
>
> > From: openssl-users [mailto:openssl-users-bounces@xxxxxxxxxxx] On Behalf Of Ludwig, Mark
> >
> > A customer claims to have configured the web (app) server to only allow TLS 1.2
> > (by disallowing up through TLS 1.1), and says that the client code (which we
> > know is based on OpenSSL 1.0.2j) is nevertheless connecting using TLS 1.1. We
> > are setting up a similar environment internally to diagnose what's happening,
> > and I wonder if anyone has any advice on the "best" tool for "watching" the TLS
> > version negotiation when the connection is being established.
>
> I've typically used Wireshark for this type of thing. If you are using RSA and have
> a copy of the server key, you can also examine the encrypted channel content.

Yes, thanks, a colleague today enlightened me that Wireshark will read the captured data from snoop. Voila!

I didn't bother to get the key -- not sure it's RSA -- because I'm not interested in the encrypted data. I only want to see the TLS handshake, which Wireshark decodes nicely.

Best,
Mark
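
The handshake fields discussed in this thread are sent in cleartext, so the offered and selected versions can be read from captured bytes without any key. The following is an added example, not part of the original messages: the names hello_versions and hello_record and the sample bytes are constructed for illustration, and it assumes TLS 1.2 or earlier with hello messages that are not fragmented across records.

```python
import struct

# Wire values for the protocol versions relevant to TLS <= 1.2.
VERSIONS = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2"}
HELLO_TYPES = {1: "ClientHello", 2: "ServerHello"}


def hello_versions(stream: bytes) -> list:
    """Return (message, version) for each cleartext hello in one direction of a stream.
    ClientHello carries the highest version the client offers; in TLS <= 1.2 the
    ServerHello carries the version the server selected for the connection.
    """
    found, pos = [], 0
    while pos + 5 <= len(stream):
        ctype, _rec_version, length = struct.unpack_from("!BHH", stream, pos)
        record = stream[pos + 5 : pos + 5 + length]
        pos += 5 + length
        if ctype == 0x14:  # ChangeCipherSpec: handshake records after this are encrypted
            break
        if ctype != 0x16:  # not a handshake record (alert, application data)
            continue
        off = 0
        while off + 6 <= len(record):  # one record may hold several handshake messages
            msg_type = record[off]
            msg_len = int.from_bytes(record[off + 1 : off + 4], "big")
            if msg_type in HELLO_TYPES:
                version = int.from_bytes(record[off + 4 : off + 6], "big")
                found.append((HELLO_TYPES[msg_type], VERSIONS.get(version, hex(version))))
            off += 4 + msg_len
    return found


def hello_record(msg_type: int, version: int) -> bytes:
    """Build a constructed, minimal hello record (zero random, empty session id)."""
    body = struct.pack("!H", version) + bytes(32) + b"\x00"
    message = bytes([msg_type]) + len(body).to_bytes(3, "big") + body
    return struct.pack("!BHH", 0x16, 0x0301, len(message)) + message


# Constructed sample: client offers up to TLS 1.2, server answers with TLS 1.1.
CLIENT_BYTES = hello_record(1, 0x0303)
SERVER_BYTES = (
    hello_record(2, 0x0302)
    + bytes.fromhex("140302000101")              # ChangeCipherSpec
    + bytes.fromhex("1603020008") + b"\x02" * 8  # encrypted Finished, must be ignored
)

if __name__ == "__main__":
    print(hello_versions(CLIENT_BYTES), hello_versions(SERVER_BYTES))
```

A ServerHello reporting TLS 1.1 against a ClientHello offering TLS 1.2 means the server chose the lower version, which points at the server-side configuration rather than the client.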