2

I want to debug an IMAPS (port 993) session on the client side, e.g. to see:

  • which ciphers the client offers to the server for SSL
  • which one the server chooses, or which one is actually used during the SSL session

I only know how to get the list of ciphers the server supports with nmap (nmap -Pn --script ssl-cert,ssl-enum-ciphers -p 993 imap.example.com), but how do I debug the session? I guess that tcpdump is my goal, but I could only see some encrypted traffic with tcpdump from the client side (tcpdump -lxX -s 1500 -i eth0 'port 993').

4
  • 1
    Use wireshark instead. This gives you a more detailed view including details of the ClientHello like the ciphers offered by the client. Commented Apr 18, 2016 at 9:00
  • If you have the server's private key you can add that to wireshark and wireshark will decode the stream for you. If you don't have that, then you're out of luck: One goal of SSL is to provide privacy from people who are indistinguishable from you.
    – arnt
    Commented Apr 18, 2016 at 9:53
  • @arnt I'm not asking how to sniff encrypted data - I just want to know the parameters of the SSL session (e.g. cipher type)
    – AntonioK
    Commented Apr 18, 2016 at 10:52
  • Some of the parameters are available as cleartext (and wireshark will show those right away), others are protected. In my experience just the cleartext is never enough, but I suppose you might be lucky.
    – arnt
    Commented Apr 18, 2016 at 13:02
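
The comments above point out that the ClientHello, including the ciphers the client offers, is sent in cleartext; the ServerHello carrying the server's chosen suite is too. As an added example (not part of the original question or comments), this Python parser reads both fields from raw TLS record bytes; `parse_hello`, `build_record` and the two sample records are constructed here, and it assumes the hello is the first handshake message in a single, complete record.

```python
import struct

# Small subset of the IANA cipher suite registry; unknown IDs are shown as hex.
SUITES = {
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x009C: "TLS_RSA_WITH_AES_128_GCM_SHA256",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    0xC030: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
}

def name(suite_id):
    return SUITES.get(suite_id, f"0x{suite_id:04X}")

def parse_hello(record):
    """Return ('ClientHello', offered suites) or ('ServerHello', [chosen suite])."""
    ctype, _ver, rec_len = struct.unpack_from("!BHH", record, 0)
    if ctype != 22 or len(record) < 5 + rec_len:   # 22 = handshake record
        raise ValueError("not a complete TLS handshake record")
    msg_type = record[5]
    body = record[9:9 + int.from_bytes(record[6:9], "big")]
    pos = 2 + 32                       # skip legacy version and random
    pos += 1 + body[pos]               # skip length-prefixed session_id
    if msg_type == 1:                  # ClientHello: length-prefixed suite list
        (n,) = struct.unpack_from("!H", body, pos)
        ids = struct.unpack_from(f"!{n // 2}H", body, pos + 2)
        return "ClientHello", [name(i) for i in ids]
    if msg_type == 2:                  # ServerHello: exactly one chosen suite
        (chosen,) = struct.unpack_from("!H", body, pos)
        return "ServerHello", [name(chosen)]
    raise ValueError(f"unexpected handshake type {msg_type}")

def build_record(msg_type, suites_field):
    # Constructed sample: zero random, empty session_id, null compression, no extensions.
    comp = b"\x01\x00" if msg_type == 1 else b"\x00"
    body = b"\x03\x03" + bytes(32) + b"\x00" + suites_field + comp
    hs = bytes([msg_type]) + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

CLIENT_HELLO = build_record(1, struct.pack("!HHHHH", 8, 0xC030, 0xC02F, 0x009C, 0x000A))
SERVER_HELLO = build_record(2, struct.pack("!H", 0xC02F))

if __name__ == "__main__":
    for rec in (CLIENT_HELLO, SERVER_HELLO):
        print(*parse_hello(rec))
```

For a real session, the input is the TCP payload of the first client and server packets in a capture on port 993.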
