Troubleshoot TLS Handshake issues using Wireshark
When an HTTPS connection is made, the client and server must agree on which TLS version and cipher suite they will use to encrypt and decrypt the communication. This three-step negotiation is called the TLS Handshake:
- Client sends a Client Hello, presenting a TLS version and a list of cipher suites it supports
- Server compares the client's list of cipher suites with its own list of supported cipher suites and chooses the first cipher suite that matches. Server sends a Server Hello message indicating which cipher suite it has chosen along with a Handshake message encrypted using the cipher suite
- Client decrypts the Handshake message and sends back its own encrypted Handshake message for the server to decrypt
If the Client and Server are unable to agree on a common TLS version and/or Cipher Suite, the handshake fails and communication is terminated.
- On the server, download and install Wireshark
- Run Wireshark
- On the Wireshark Welcome screen, select Ethernet
- In the Apply a display filter field, enter the following (where IPAddress is the IP Address of the client)
ip.addr == IPAddress
- Click the right arrow button to apply the filter. The filter will only display traffic to and from the client's IP Address
- Click the blue sharkfin icon to start the trace
- Attempt to connect to the server from the client
- Once the connection attempt fails, click the red square icon in Wireshark to stop the trace
- In the Packet List pane, select the event with Client Hello in the Info field.
- In the Packet Details pane, expand the Transport Layer Security section
- Expand the TLSv(version) Record Layer: Handshake Protocol: Client Hello section
- Expand the Handshake Protocol: Client Hello section
- Note the Version value listed in this section. This is the TLS version that the client is offering to the server to use for secure communication.
- Expand the Cipher Suites section
- Note the names of all the Cipher Suites that are listed and the order in which they are listed.
- From the Wireshark main menu, select File | Save to save a copy of the Wireshark trace for future analysis
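The same values noted in the Packet Details pane can be read directly from the raw Client Hello bytes. The following is an added example, not part of the original article: it parses the offered version and the ordered cipher suite list, then checks them against a server's list. It assumes the server picks the first match in the client's order, uses a constructed sample record and a hypothetical server list, and does not parse extensions (a TLS 1.3 client lists its versions in the supported_versions extension).

```python
import struct

VERSIONS = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2"}
SUITES = {  # small subset of the IANA registry, enough for the sample below
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x0035: "TLS_RSA_WITH_AES_256_CBC_SHA",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    0xC030: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
}

def parse_client_hello(record: bytes):
    """Return (offered version, ordered cipher suite names) from one TLS record."""
    ctype, _rec_ver, rec_len = struct.unpack_from("!BHH", record, 0)
    if ctype != 0x16 or len(record) < 5 + rec_len:
        raise ValueError("not a complete TLS handshake record")
    if record[5] != 0x01:
        raise ValueError("handshake message is not a Client Hello")
    pos = 5 + 4                       # skip record header and handshake header
    (version,) = struct.unpack_from("!H", record, pos)
    pos += 2 + 32                     # version field + 32-byte random
    pos += 1 + record[pos]            # session ID length byte + session ID
    (cs_len,) = struct.unpack_from("!H", record, pos)
    codes = struct.unpack_from("!%dH" % (cs_len // 2), record, pos + 2)
    names = [SUITES.get(c, "0x%04X" % c) for c in codes]
    return VERSIONS.get(version, "0x%04X" % version), names

def first_common_suite(client_suites, server_suites):
    """First suite in the client's order that the server also supports, else None."""
    allowed = set(server_suites)
    return next((s for s in client_suites if s in allowed), None)

def build_sample_hello(version, codes):
    """Constructed test input: a minimal Client Hello with no extensions."""
    body = struct.pack("!H", version) + bytes(32) + b"\x00"
    body += struct.pack("!H", 2 * len(codes)) + struct.pack("!%dH" % len(codes), *codes)
    body += b"\x01\x00"               # one compression method: null
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16" + struct.pack("!HH", version, len(hs)) + hs

if __name__ == "__main__":
    hello = build_sample_hello(0x0301, [0x000A, 0x002F, 0x0035])
    version, offered = parse_client_hello(hello)
    # Hypothetical server configured for GCM suites only: no overlap, handshake fails
    server = ["TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"]
    print(version, offered, first_common_suite(offered, server))
```

A result of None from first_common_suite corresponds to the failure case described above: the client and server share no cipher suite, so the handshake cannot complete.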
Level of Complexity
| Kofax Front Office Server | 4.3 |