I support a .NET site which (amongst many, MANY, other things) talks to remote APIs from supplier systems.
We want to upgrade to support TLS 1.2 We're hoping to do so as per this question: Are there .NET implementation of TLS 1.2?
But how do I check that this is actually working once I've made the change.
Ideally one of my supplier sites would start using TLS 1.2 ONLY and then my test could just be "can we talk to that supplier now?" But we don't have that. I'm guessing I can do something with a packet sniffer of some sort, but I wouldn't know what I was looking for exactly, nor how to set up the sniffer to be collecting the neccessary data in a readable manner.
Either:
Or
If you capture the connection creation in Wireshark, and examine the first packet from the client, then Wireshark will annotate the fields in the ClientHello
struct for you, including the TLS version requested by the client.
Similarly, if you look at the first reply packet from the server, then Wireshark will annotate the fields in the ServerHello
struct for you, including the TLS version settled on for the connection.
See this blog post or this one for worked examples.