We're now a non-profit! Support open source packet analysis by making a donation.

Wireshark-users: Re: [Wireshark-users] Problem deciphering an openssl stream

Date: Mon, 11 Oct 2010 13:22:07 +0200 (CEST)
Hi Philippe,

Very interesting documentation. Certainly worth adding to the SSL wiki page.

Is there any way I can validate that my client is using a DH algorithm ?

I looked at the trace again, the thing that looks like choosing the protocol is the following :

TLSv1 Record Layer: Change Cipher Spec Protocol: Change Cipher Spec
    Content Type: Change Cipher Spec (20)
    Version: TLS 1.0 (0x0301)
    Length: 1
    Change Cipher Spec Message

But it does not mention any protocol names. Nor does it in the debug log.
In the trace, look at the Server Hello.

It should contain something like 'Cipher Suite'.

I've just done a quick test, and for me, it looks like:
"Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039)"

If you're using Firefox as your client, you can view what it's configured to use by typing 'about:config' in your address bar. Then filter on 'security', and you'll see all the cipher suites Firefox is including in its Client Hello and offers the Server to pick from.