[stunnel-users] Wireshark didn't show TLSv1 traffic?

Michal Trojnara Michal.Trojnara at mirt.net
Thu Feb 17 17:42:59 CET 2011

"Bao, Robert" <rbao at tycoint.com> wrote:
> I have "ciphers = AES256-SHA" option in stunnel.conf file. And when the
> server/client established the connection, I see this line in the log
> file:
> Negotiated ciphers: AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
> However when I use Wireshark to sniff the traffic, I only see "TCP" in
> the <Protocol> column for the traffic between the server and the
> client.
> Is this normal? What did I do wrong?

Wireshark decodes protocols based on their port numbers.  It does not
attempt to guess the protocol type.  Whenever you use SSL on a non-standard
port, you need to manually reconfigure Wireshark.  On Windows just
right-click on a packet and select "Decode As" to configure the non-standard
port as an SSL-based service.
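
Added example (not part of the original message): a way to confirm that a stream Wireshark labels only as "TCP" really carries SSL/TLS, by checking the record header at the start of the payload before setting "Decode As". The function names and the sample bytes are constructed for illustration.

```python
import struct

# Record-layer constants (RFC 6101 / RFC 2246 / RFC 5246).
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}
HANDSHAKE_TYPES = {1: "client_hello", 2: "server_hello", 11: "certificate",
                   14: "server_hello_done", 16: "client_key_exchange"}
VERSIONS = {(3, 0): "SSLv3", (3, 1): "TLSv1.0",
            (3, 2): "TLSv1.1", (3, 3): "TLSv1.2"}
MAX_RECORD_LEN = 2**14 + 2048  # largest ciphertext fragment the specs allow


def parse_tls_records(payload: bytes) -> list:
    """Summarise consecutive SSL/TLS records at the start of a TCP payload.

    Returns [] when the first five bytes are not a plausible record header.
    """
    records, offset, encrypted = [], 0, False
    while offset + 5 <= len(payload):
        ctype, major, minor, length = struct.unpack_from("!BBBH", payload, offset)
        if (ctype not in CONTENT_TYPES or (major, minor) not in VERSIONS
                or length > MAX_RECORD_LEN):
            break
        body = payload[offset + 5:offset + 5 + length]
        rec = {"type": CONTENT_TYPES[ctype], "version": VERSIONS[(major, minor)],
               "length": length, "truncated": len(body) < length}
        # Handshake messages are readable only until ChangeCipherSpec is sent.
        if ctype == 22 and body and not encrypted:
            rec["handshake"] = HANDSHAKE_TYPES.get(body[0], "unknown")
        encrypted = encrypted or ctype == 20
        records.append(rec)
        offset += 5 + length
    return records


def looks_like_tls(payload: bytes) -> bool:
    """Heuristic: does this payload begin with an SSL/TLS record?"""
    return bool(parse_tls_records(payload))


# Constructed sample: a minimal TLSv1.0 ClientHello offering only 0x0035
# (TLS_RSA_WITH_AES_256_CBC_SHA, which OpenSSL names AES256-SHA).
_hello = b"\x03\x01" + bytes(32) + b"\x00" + b"\x00\x02\x00\x35" + b"\x01\x00"
_handshake = b"\x01" + len(_hello).to_bytes(3, "big") + _hello
SAMPLE_CLIENT_HELLO = b"\x16\x03\x01" + struct.pack("!H", len(_handshake)) + _handshake

if __name__ == "__main__":
    print(parse_tls_records(SAMPLE_CLIENT_HELLO))
    print(looks_like_tls(b"GET / HTTP/1.1\r\n"))
```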

