IBM Support

Determining which cipher is used in HTTPS client-server communications

Technote (FAQ)


Question

How can you verify which cipher your RPT HTTPS script uses to communicate with the server?

Answer


TLS (Transport Layer Security) and SSL (Secure Sockets Layer) are protocols that provide data encryption and authentication between applications and servers where the data is being sent across the network,

An HTTPS script uses either SSL or TLS for the transport layer. Security is provided by encryption, which requires a cipher. The client (browser) has a list of ciphers that it supports.

During the initial handshake sequence between the client and the server, the client presents its cipher list to the server, and the server selects one of the ciphers. Or, if the server does not support any of those ciphers, the server rejects the client request.

You can use a utility called Wireshark to view this handshake exchange. Wireshark is commonly used in network engineering to diagnose and troubleshoot client-server exchanges. You can download a free copy of Wireshark from https://www.wireshark.org/download.html.

Use the following process to manually discover the cipher used by an RPT script by browsing the script's HTTPS URL in a Wireshark packet capture session.

1) First, exit any browsers that are currently open on your Windows desktop.

2) Start Wireshark. From the Wireshark menu bar, click Capture > Interfaces. Select the interface that your workstation uses.

Note: On Windows 7, enter Start > Run > ncpa.cpl to display your network connections.



3) After the initial screen displays in your browser, exit the browser.

4) Enter the filter tcp.port == 443. Click Apply.



5) Find the Client Hello and the Server Hello methods.



6) Double click the line containing the Client Hello.

7) Examine the Client Hello information that pops up in a separate window. Expand Secure Sockets Layer > Cipher Suites. These are the ciphers (cipher suites) that the client supports.



Note: When you open the RPT script in the test editor, these cipher suites are listed in the Available Ciphers panel. Example:



8) Close the Client Hello window.

9) Double click the line containing the Server Hello.

10) Examine the Server Hello information that pops up in a separate window. Expand Secure Sockets Layer details. Find the cipher suite that the server selected for client-server communications.

Related information

T6 support for TLS 1.1/1.2 and 256-bit ciphers

Historical Number

79462.7TD.000

Product Alias/Synonym

ITCAMfT
T7.4

Document information

More support for: Tivoli Composite Application Manager for Transactions
ITCAM TRANSACT RRT 5724S79RR v710

Software version: 7.4

Operating system(s): Windows

Reference #: 1962202

Modified date: 24 November 2016