
I'm doing a TLS Wireshark lab and I can't find any information in Wireshark, the lab, or online on how to find this answer:

What symmetric key cryptography algorithm is being used by the client and server to encrypt application data (in this case, HTTP messages)?

How do I find the symmetric key algorithm being used for this TLS connection in Wireshark?

Here are some screenshots:

wireshark-screenshot1

wireshark-screenshot2

  • 1
    **The ciphersuite in the ServerHello message tells you** several things: in 1.2 and below it tells you the keyexchange-plus-authentication method, symmetric cipher and (if applicable) HMAC hash, and only in 1.2 for some suites, the KDF hash (called PRF); in 1.3 it skips kx/auth and tells you the symmetric cipher (which always _includes_ the MAC), and the KDF hash. ServerHello should be about 2-4 messages before the ones you showed. – dave_thompson_085 Mar 22 '22 at 05:18
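
As an added example (not part of the question or the comment), this Python sketch pulls the selected cipher suite out of a raw ServerHello record and splits its name into the parts the comment lists. It assumes the ServerHello is the first handshake message in a single, unfragmented TLS record; the `SUITES` table is a small subset of the IANA registry and `SAMPLE` is a constructed record, not data from the lab capture.

```python
import struct

# Small, non-exhaustive subset of the IANA TLS cipher suite registry.
SUITES = {
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x009C: "TLS_RSA_WITH_AES_128_GCM_SHA256",
    0xC013: "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    0xC030: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    0x1301: "TLS_AES_128_GCM_SHA256",
    0x1302: "TLS_AES_256_GCM_SHA384",
    0x1303: "TLS_CHACHA20_POLY1305_SHA256",
}

def server_hello_suite(record: bytes) -> int:
    """Return the 16-bit cipher suite selected in a ServerHello TLS record."""
    if len(record) < 5:
        raise ValueError("truncated TLS record header")
    ctype, _version, rlen = struct.unpack("!BHH", record[:5])
    body = record[5:5 + rlen]
    if ctype != 22 or len(body) < 4 or body[0] != 2:
        raise ValueError("not a handshake record that starts with a ServerHello")
    hello = body[4:4 + int.from_bytes(body[1:4], "big")]
    # Layout: legacy_version(2) random(32) session_id_len(1) session_id cipher_suite(2)
    if len(hello) < 35 or len(hello) < 37 + hello[34]:
        raise ValueError("truncated ServerHello")
    off = 35 + hello[34]
    return int.from_bytes(hello[off:off + 2], "big")

def describe(suite_id: int) -> dict:
    """Split a suite name into key exchange/auth, symmetric cipher and hash."""
    name = SUITES[suite_id]  # KeyError for suites outside the subset above
    kx_auth, sep, rest = name[4:].partition("_WITH_")
    if not sep:  # TLS 1.3 names carry no key exchange/authentication part
        kx_auth, rest = None, name[4:]
    cipher, _, digest = rest.rpartition("_")
    aead = any(mode in cipher for mode in ("GCM", "CCM", "POLY1305"))
    role = "KDF hash" if kx_auth is None else "PRF hash" if aead else "HMAC hash"
    return {"name": name, "kx_auth": kx_auth, "cipher": cipher,
            "aead": aead, "hash": digest, "hash_role": role}

# Constructed sample: a minimal TLS 1.2 ServerHello record, not from the lab capture.
_hello = b"\x03\x03" + bytes(32) + b"\x00" + struct.pack("!HB", 0xC02F, 0)
_hs = b"\x02" + len(_hello).to_bytes(3, "big") + _hello
SAMPLE = struct.pack("!BHH", 22, 0x0303, len(_hs)) + _hs

if __name__ == "__main__":
    print(describe(server_hello_suite(SAMPLE)))
```

In Wireshark the same value is the "Cipher Suite" field of the Server Hello handshake message, which the display filter `tls.handshake.type == 2` isolates.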

0 Answers