Wednesday, February 4, 2015

Proving In Packet Captures TLS Encryption Over SSLv3

My customer and I (mainly him) have been working on an SSLv3 issue with one of the firewalls.  We needed to disable SSLv3 because of the vulnerabilities that have been found, and use TLS instead for encryption.  The firewall IPS expected to drop anything that used SSLv3.  The problem was that the firewall IPS was blocking the traffic, even when we disabled SSLv3 on the client.  We expected to get traffic through this time, but instead, it got dropped again.  Not good.
So, with a call in to TAC, we felt like we were going to need to prove to TAC that we were actually sending traffic with TLS instead of SSLv3.  We could tell TAC all day long that our client device was set correctly in the browser properties, but we needed to prove it.  Once again, proof is what you need, and wireshark is the tool of choice.  So we found ourselves down where we needed to plug in our laptop for the capture.  And with some switch config for monitoring, this is what we found when we generated the traffic:


  1. I totally agree, Wireshark is the tool of choice! Sometimes I even refer to Wireshark as my best friend. (I'm very careful not to mention this to my wife....haha!!)

    1. Man, I totally agree. Its a tossup between Wireshark and Capsa! Im working on a Capsa review right now, so stay tuned for it.


Your comment will be reviewed for approval. Thank you for submitting your comments.