How to check which TLS cipher suite is used in tcp connection

0

I am using imapfilter to sort my mails on a remote IMAP server provided by some company. My configuration restricts imapfilter to the usage of TLS 1.2 via STARTTLS. I do know how to check which TLS cipher suites are supported by the IMAP server via sslyze. I would like to know how to verify that TLS 1.2 is indeed used and which cipher suite is chosen. Is there e.g. some wireshark incantation which answers this question easily? Or is there some other tools that can be used for this.

jmg

Posted 2016-01-16T20:47:33.203

Reputation: 111

Answers

1

You should be able to use OpenSSL's s_client command-line tool for this, e.g.:

$ openssl s_client -connect 1.2.3.4:143 -starttls imap ...

The key part is the -starttls imap option; without this, s_client will try to perform the SSL/TLS handshake immediately after connecting.

The rest of the s_client output should show you the negotiated ciphersuite, protocol version, and other useful information.

Hope this helps!

Castaglia

Posted 2016-01-16T20:47:33.203

Reputation: 257

This does not observe which cypher is actually used when imapfilter connects. But it shows what cypher could be chosen. – jmg – 2016-03-19T21:49:27.143

If you know the TLS-related imapfilter configuration (e.g. its ciphersuites/protocol versions), you should be able to set them via the openssl s_client command-line options to show (ideally) what is used when imapfilter connects, yes? – Castaglia – 2016-03-19T21:57:55.803

Asked: 2016-01-16T20:47:33.203

Viewed: 549 times

Active: 2016-03-11T05:26:35.897