How do I check my TLS handshake?

How to check SSL connection using Wireshark?

I would like to test some of the connections which are being made through our HTTPS website. For instance, the SSL certificate from our company is installed on our clients' machines, and whenever the clients want to use the HTTPS website, their browsers ask for the SSL certificate, connect to the server's HTTPS website and get the response. I want to check whether the SSL connection is established or not. If it is established, then I would like to see the certificate of the certificate in the browser and the response from the server (and possibly some details about the SSL connection such as the version, protocol etc.).
I have used Wireshark for sniffing but I'm not sure what I should do to get this information. Can anybody please help me?

Well, I'll bite and provide an answer to my own question. To view the certificate of the client's browser, use the following filter in Wireshark:

    (ip.src == "your.com") && tcp.port == 443 && (tls.record.version == 0x0301)

The filter will result in the following output:

    (ip.src == "your.com")               # ip.src = IPv4 address of the client
    && tcp.port == 443                   # tcp.port = 443 = port number of the SSL connection
    && (tls.record.version == 0x0301)    # tls.record.version = 0x0303 (TLSv1.2), 0x0302 (TLSv1.1), or 0x0301 (TLSv1.0)

As per your requirement you can add the protocol name too. For example, if you want to know whether the connection uses TLSv1.1, you could add:

    && (tls.record.version == 0x0302)

Similarly, you can add any of the other protocols. Also note that in the above filter you have to make sure that the company's domain name and the server name are the same.

What is an SSL handshake?

An SSL handshake, or Secure Sockets Layer handshake, is a procedure used for establishing mutual authentication between a server and a client.

The handshake is established when the client and server agree to the parameters of the connection, including protocol version number, security algorithm, data integrity method, compression method and cipher key lengths.

The steps of the handshake process are:

1. The client sends a ClientHello message with a random value generated by the client.
2. The server responds with a ServerHello message. The first step is complete.
3. Both the client and server generate random values for encryption keys and calculate cryptographic hashes for data integrity.
4. The server sends its authentication request message, which includes a certificate containing a list of public key certificates of other servers the client trusts. The client checks the root certificate in the server's certificate using a trust path from the client.
5. If the server has not authenticated itself, the server sends a Finished message.
6. The client checks that the server has authenticated itself using a handshake failure alert.
7. The client sends its acknowledgement for each message sent during the handshaking process, returning a list of names (i.e. the server's certificate) for the previously received certificates that did not pass the check.
8. The client requests a list of more names for certificates from the server.
9. The client sends its final handshake message.
10. If the handshake was successful, the server sends the client the random session key, cipher-suite name and MAC algorithm.

Figure 1.

How does it work?

An SSL handshake begins when a client requests data and sends a Hello or ClientHello message over an SSL/TLS connection to a server. A handshake must be completed prior to sending any type of data. When both sides are ready to transfer data, the client sends a ClientHello, the server responds with a ServerHello, and then data begins to flow through the connection.

If a secure connection cannot be established, a client may use one of the two error codes:

- Client cannot successfully complete its hello messages.
- Server cannot successfully complete its hello messages.
- Clients cannot successfully complete their handshakes.

These errors indicate that either a client or a server might not properly support encryption, or the encryption provided by a server might not have been properly configured to allow clients to successfully complete their handshakes.

Figure 2.
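The hello messages and the failure alert described above can be read directly from the first unencrypted bytes of a connection. The following Python is an added example, not code from the original page: `parse_tls_record` and the sample records are hypothetical names and constructed data, and extensions are not parsed, so a TLS 1.3 hello reports its legacy version TLSv1.2.

```python
import struct

VERSIONS = {0x0300: "SSLv3", 0x0301: "TLSv1.0", 0x0302: "TLSv1.1", 0x0303: "TLSv1.2"}
SUITES = {0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
          0x009C: "TLS_RSA_WITH_AES_128_GCM_SHA256"}
ALERTS = {40: "handshake_failure", 70: "protocol_version"}

def _name(table, value):
    return table.get(value, hex(value))

def parse_tls_record(data: bytes) -> dict:
    """Added example: decode one unencrypted TLS record (hello message or alert)."""
    if len(data) < 5 or len(data) < 5 + int.from_bytes(data[3:5], "big"):
        raise ValueError("truncated record")
    ctype, rec_ver, rec_len = struct.unpack("!BHH", data[:5])
    body = data[5:5 + rec_len]
    out = {"record_version": _name(VERSIONS, rec_ver)}
    if ctype == 21 and rec_len == 2:            # alert: level, description
        out.update(kind="alert", fatal=body[0] == 2,
                   description=_name(ALERTS, body[1]))
        return out
    if ctype != 22 or rec_len < 4 or body[0] not in (1, 2):
        raise ValueError("not a ClientHello, ServerHello or alert")
    msg = body[4:4 + int.from_bytes(body[1:4], "big")]
    if len(msg) < 35 or len(msg) < 35 + msg[34] + 2:
        raise ValueError("truncated hello message")
    pos = 35 + msg[34]                          # skip version, random, session id
    out.update(kind="ServerHello" if body[0] == 2 else "ClientHello",
               hello_version=_name(VERSIONS, int.from_bytes(msg[:2], "big")),
               random=msg[2:34].hex())
    field = int.from_bytes(msg[pos:pos + 2], "big")
    if body[0] == 2:                            # server selects exactly one suite
        out["cipher_suite"] = _name(SUITES, field)
    else:                                       # client: field is the list's byte length
        raw = msg[pos + 2:pos + 2 + field]
        out["offered_suites"] = [_name(SUITES, int.from_bytes(raw[i:i + 2], "big"))
                                 for i in range(0, len(raw) - 1, 2)]
    return out

# Constructed sample records (illustrative names, built here, not captured traffic).
def _record(ctype, payload, version=0x0303):
    return struct.pack("!BHH", ctype, version, len(payload)) + payload
def _hello(msg_type, tail, random=bytes(range(32))):
    body = b"\x03\x03" + random + b"\x00" + tail   # TLS 1.2, empty session id
    return _record(22, bytes([msg_type]) + len(body).to_bytes(3, "big") + body)

SERVER_HELLO = _hello(2, b"\xc0\x2f\x00")                      # suite + compression
CLIENT_HELLO = _hello(1, b"\x00\x04\xc0\x2f\x00\x9c\x01\x00")  # 2 suites + compression
FATAL_ALERT = _record(21, b"\x02\x28")                         # fatal handshake_failure
```

Calling `parse_tls_record(SERVER_HELLO)` returns the record version, hello version, server random and the selected cipher suite; a fatal alert record returns its description instead.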
