0

I want to view the SSL version used in the request and response but in Fidder it doesn't show the version attribute in Raw view in Inspector. I have ensure Connects Rule is enabled as per : How to test which version of TLS my .Net client is using

Any ideas?

Here's what my response looks like :

HTTP/1.1 200 OK Cache-Control: no-cache, no-store, must-revalidate Pragma: no-cache Content-Type: application/json; charset=utf-8 Expires: 0 Vary: Accept-Encoding Persistent-Auth: true Date: Mon, 25 Jun 2018 14:45:42 GMT Content-Length: 629

{"access_token":"eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJyb2xlIjpbIk15RGVhbFVzZXIiLCJBY2Nlc3NBcHByb3ZlciIsIkRlYWxUZWFtIiwiRGVhbEFkbWluIiwiSW50ZXJuYWwiXSwidW5pcXVlX25hbWUiOiIzIiwiaXNJbnRlcm5hbFVzZXIiOnRydWUsImdpdmVuX25hbWUiOiJSdWJhbiBTaXZhIiwic2Vzc2lvbklkIjoiNjcyNzgyZGUtODQ0Yi00ZWNhLTkzZjUtNzk1YWRkMTE5NmNkIiwiaXNEQ01Vc2VyIjp0cnVlLCJpc0VDTVVzZXIiOnRydWUsIndpbmFjY291bnRuYW1lIjoiaGJldVxcc2l2YXJ1YmEiLCJIU0JDU3RhZmZJZCI6IjQ0MDM3NDg3IiwiaXNzIjoiTXlEZWFsLURldiIsImF1ZCI6Ik15RGVhbC1EZXYiLCJleHAiOjE1Mjk5MzgxMjMsIm5iZiI6MTUyOTkzNzk0M30.Gq0sWGyzE986urd3PoVsM64BMsNzdkf9OnExFhTbd48","token_type":"bearer","expires_in":179.63785779999998}

Rubans
  • 4,188
  • 6
  • 40
  • 58
  • You'll find the TLS version in the handshake messages, not the HTTP requests. SSL/TLS establishes a *channel* through which the HTTP messages pass. The parameters used to establish that channel appear on the SSL-related messages – Panagiotis Kanavos Jun 25 '18 at 14:54
  • @PanagiotisKanavos When you mean handshake, do you mean the response window? – Rubans Jun 25 '18 at 15:18
  • On the contrary, I mean that inspecting the request/response is the *wrong* thing to inspect. By the time the request is made the SSL channel is already established and transparent to the request itself. Before the first request is made you'll see a grayed-out entry with `Tunnel to` in the host field and the target DNS name in the URL field. When you check *that* message you'll see the SSL information in the `Raw` inspector – Panagiotis Kanavos Jun 25 '18 at 15:23
  • @PanagiotisKanavos Thanks, I see what you mean now. Initially I had edited the HTTPs versions so wasn't showing the actual handshake messages but I reset it back to ;ssl3;tls1.0 and now can see it. – Rubans Jun 25 '18 at 15:37

0 Answers0