[stunnel-users] Wireshark didn't show TLSv1 traffic?

• Previous message (by thread): [stunnel-users] Wireshark didn't show TLSv1 traffic?
• Next message (by thread): [stunnel-users] Wireshark didn't show TLSv1 traffic?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

"Bao, Robert" <rbao at tycoint.com> wrote:
> I have "ciphers = AES256-SHA" option in stunnel.conf file. And when the
> server/client established the connection, I see this line in the log
> file:
> 
> Negotiated ciphers: AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
> 
> However when I use Wireshark to sniff the traffic, I only see "TCP" in
> the <Protocol> column for the traffics between the server and the
> client.
> 
> Is this normal? What did I do wrong?

Wireshark decodes protocols based on their port numbers.  It does not
attempt to guess the protocol type.  Whenever you use SSL on a non-standard
port, you need to manually reconfigure Wireshark.  On Windows just
right-click on a packet and select "Decode As" to configure non-standard
port as an SSL-based service.

Mike

• Previous message (by thread): [stunnel-users] Wireshark didn't show TLSv1 traffic?
• Next message (by thread): [stunnel-users] Wireshark didn't show TLSv1 traffic?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]