[stunnel-users] Wireshark didn't show TLSv1 traffic?
Michal Trojnara
Michal.Trojnara at mirt.net
Thu Feb 17 17:42:59 CET 2011
"Bao, Robert" <rbao at tycoint.com> wrote:
> I have "ciphers = AES256-SHA" option in stunnel.conf file. And when the
> server/client established the connection, I see this line in the log
> file:
>
> Negotiated ciphers: AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
>
> However when I use Wireshark to sniff the traffic, I only see "TCP" in
> the <Protocol> column for the traffics between the server and the
> client.
>
> Is this normal? What did I do wrong?
Wireshark decodes protocols based on their port numbers. It does not
attempt to guess the protocol type. Whenever you use SSL on a non-standard
port, you need to manually reconfigure Wireshark. On Windows just
right-click on a packet and select "Decode As" to configure non-standard
port as an SSL-based service.
Mike
More information about the stunnel-users
mailing list