0

I am trying to verify the TLS version that my application is using with a server that I connect to. Normally, I use Wireshark and I see the protocol listed as TLS1.2 or something else.

In the current situation, I am using an HTTP proxy. My understanding is that HTTP proxies do not perform TLS termination so after the CONNECT, there still is a TLS session that gets established between my application and the server, although from the Wireshark perspective, the destination will be that of the HTTP proxy.

When I setup a filter to capture traffic being sent to the HTTP proxy, I see the CONNECT in the traffic but I do not see the TLS handshake.

How do I check the TLS version used in this scenario?

I'm totally open to other tools or recommendations on how to solve this. My application is on a Linux machine.

jglouie
  • 103
  • 1
  • 1
  • 6
  • 1
    HTTP proxies normally use a port not 'reserved' for SSL/TLS, so Wireshark doesn't know it should use that decoding. Right-click on a relevant line in the packet list pane, DecodeAs, adjust the filtering to select the server port (which is consistent while the client port is transient), choose SSL in the rightmost list or pulldown (depending on Wireshark version), and confirm. – dave_thompson_085 Nov 01 '18 at 07:36
  • @dave_thompson_085 this helped. thank you! If you write it as an answer I'll go ahead and accept it – jglouie Nov 02 '18 at 16:07

1 Answers1

1

I remembered a cross-stack dupe so copying with adjustments:

Wireshark decodes for display based on (mostly) the ports used as source and/or destination. It knows some standard ports like 443 and 465 are SSL/TLS but it does not know ports allocated on a nonstandard, ad-hoc basis -- and for an HTTP proxy handling CONNECT, only temporarily.

Rightclick a packet for this session in the packet-list pane and choose DecodeAs..., or select a packet and choose Analyze / DecodeAs.... and in version 2 click the '+' (add) button; then adjust the selection by port as necessary and in the right-hand pulldown (or in version 1 listbox) select SSL (which actually means SSL-and-TLS).

dave_thompson_085
  • 3,262
  • 1
  • 16
  • 16