Skip to main content

TLS Handshake Troubleshooting Using Wireshark

Article # 3035884 - Page views: 24

Article # 3035884 - Page views: 24


Troubleshoot TLS Handshake issues using Wireshark



When an HTTPS connection is made, the client and server must agree on which TLS version and Cipher Suite they will use to encrypt/decrypt the communications.  The 3-Step negotiation is called the TLS Handshake:

  1. Client sends a Client Hello, presenting a TLS version and a list of cipher suites it supports
  2. Server compares the client's list of cipher suites with its own list of supported cipher suites and chooses the first cipher suite that matches.  Server sends a Server Hello message indicating which cipher suite it has chosen along with a Handshake message encrypted using the cipher suite
  3. Client decrypts the Handshake message and sends back its own encrypted Handshake message for the server to decrypt

If the Client and Server are unable to agree on a common TLS version and/or Cipher Suite, the handshake fails and communication is terminated.


  1. On the server, download and install Wireshark
  2. Run Wireshark
  3. On the Wireshark Welcome screen, select Ethernet
  4. In the Apply a display filter field, enter the following (where IPAddress is the IP Address of the client)
    ip.addr == IPAddress
  5. Click the right arrow button to apply the filter.  The filter will only display traffic to and from the client's IP Address
  6. Click the blue sharkfin icon to start the trace
  7. Attempt to connect to the server from the client
  8. Once the connection attempt fails, click the red square icon in Wireshark to stop the trace
  9. In the Packet List pane, select the event with Client Hello in the Info field.
  10. In the Packet Details pane, expand the Transport Layer Security section
  11. Expand the TLSv(version) Record Layer: Handshake Protocol:  Client Hello section
  12. Expand the Handshake Protocol: Client Hello section
  13. Note the Version value listed in this section.  This is the TLS version that the client is offering to the server to use for secure communication.
  14. Expand the Cipher Suites section
  15. Note the names of all the Cipher Suites that are listed and the order in which they are listed.
  16. From the Wireshark main menu, select File | Save to save a copy of the Wireshark trace for future analysis


Level of Complexity 



Applies to  

Product Version Build Environment Hardware
Kofax Front Office Server 4.3




  • Was this article helpful?