> On Apr 24, 2017, at 7:11 PM, Blumenthal, Uri - 0553 - MITLL <uri@xxxxxxxxxx> wrote: > > Please report tshark output, not an approximate rendition. In what direction > is the alert sent? > > I’m using WireShark. The IP addresses on the Alert packet show local host as the source, and the proxy as the destination. Is there another way to tell the direction? Or how to present it in a way that I can sanitize the output and post here? I get slightly annoyed when I take the time to help, but my response is skimmed over and not read carefully. Upthread I said: See my recent post: https://www.spinics.net/lists/openssl-users/msg05623.html for instructions on how to extract SSL info from PCAP files in a way that mostly trims away endpoint details... (of course SNI names and cert names would still be there, so you'd need to trim those if you want to anonymize the guilty parties). Install tshark somewhere, and use it to decode the PCAP file. Then post the results. If the alert is from the application to the proxy, then most likely the application does not trust the proxy MiTM root CA. -- Viktor. -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
