This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

SSL/TLS Handshake Protocol: Cipher Suites (20 suites)?

0

I am using version 1.10.7 of Wireshark.

I have seen a few tutorials that describe the various contents of a "handshake" packet. I have only found tutorials for older versions, so when it describes the details of the packet under Handshake Protocol: and I get to the part where it says Cipher Suite: etc... I don't see the cipher suite used. Instead I see a list of 20 cipher suites. I can't see which one of the suites was actually used.

Little help?

asked 28 Apr '14, 18:20

plasmasnakeneo

edited 28 Apr '14, 20:53


One Answer:

1

I guess you're talking about an SSL/TLS handshake. The list of cyphers is sent from one node to the other, which then picks the cypher it likes best, sending back the index of the chosen cypher in its next packet. You should be able to find it by looking for that packet following the cypher list.

answered 28 Apr '14, 18:51

Jasper ♦♦

Yes, thank you. I thought I should have seen what cipher suite it used within the handshake packet but that was not the case. I updated the title of the thread so that it reflects my initial problem better, since you seemed unclear about what I was looking for, that way others can find it easier as well.

(28 Apr '14, 20:51) plasmasnakeneo
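
Added example, not part of the original thread: a minimal Python parser that reads the cipher suite list from a ClientHello record and the single two-byte cipher suite value from the ServerHello that follows it, then checks that the selected suite was one of those offered. The sample records, the `parse_hello` and `negotiated` names, and the three-entry name table are constructed for illustration; it assumes each hello fits in one unfragmented TLS record.

```python
import struct

# Constructed sample data, not taken from a capture. Names are IANA values.
NAMES = {0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
         0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
         0x0035: "TLS_RSA_WITH_AES_256_CBC_SHA"}

def parse_hello(record: bytes):
    """Return ('client', [offered suites]) or ('server', chosen suite)."""
    if len(record) < 9:
        raise ValueError("truncated record")
    ctype, _version, rlen = struct.unpack_from("!BHH", record)
    hs_type, hs_len = record[5], int.from_bytes(record[6:9], "big")
    msg = record[9:9 + hs_len]
    if ctype != 22 or hs_len + 4 > rlen or len(msg) != hs_len:
        raise ValueError("not a complete single-record handshake message")
    try:
        pos = 2 + 32                      # skip legacy version and random
        pos += 1 + msg[pos]               # skip session_id (1-byte length)
        if hs_type == 1:                  # ClientHello: length-prefixed list
            (nbytes,) = struct.unpack_from("!H", msg, pos)
            return "client", list(struct.unpack_from("!%dH" % (nbytes // 2), msg, pos + 2))
        if hs_type == 2:                  # ServerHello: exactly one suite
            return "server", struct.unpack_from("!H", msg, pos)[0]
    except (struct.error, IndexError):
        raise ValueError("hello body shorter than its length fields claim")
    raise ValueError("handshake type %d is not a hello" % hs_type)

def negotiated(records):
    """Pair the offer with the selection; flag a suite that was never offered."""
    offered, chosen = [], None
    for rec in records:
        side, value = parse_hello(rec)
        if side == "client":
            offered = value
        else:
            chosen = value
    name = NAMES.get(chosen, "unknown") if chosen is not None else None
    return {"offered": offered, "chosen": chosen, "name": name,
            "was_offered": chosen in offered}

def _record(hs_type, body):               # helper that builds the samples
    hs = bytes([hs_type]) + len(body).to_bytes(3, "big") + body
    return struct.pack("!BHH", 22, 0x0301, len(hs)) + hs

_PREFIX = b"\x03\x03" + bytes(32) + b"\x00"   # version, zero random, empty session_id
CLIENT_HELLO = _record(1, _PREFIX + b"\x00\x06" + bytes.fromhex("c02f002f0035") + b"\x01\x00")
SERVER_HELLO = _record(2, _PREFIX + bytes.fromhex("c02f") + b"\x00")

if __name__ == "__main__":
    print(negotiated([CLIENT_HELLO, SERVER_HELLO]))
```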