Why doesn't my HTTPS connection use TLS?

Question

I hope you'll excuse my bad / poor english.

I'm pretty sure it's a quite naïve question, but I need to be fixed about it.

I'm running an application on a JBOSS AS 7 server, and I enabled HTTPS connection by adding this lines in my standalone.xml file :

<connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" secure="true">
    <ssl name="ssl" password="password" protocol="TLSv1"/>
</connector>

Now, if I try to acces my application through a web browser using this url :

https://localhost:8443/myapp/

After I accept my homemade certificate, the browser tell me that the connection is made using TLS protocol, and encrypted by an AES 128. Everything looks fine.

But when I use Wireshark on the server, and I try to access my application with a computer located in my local network, there is no trace of TLS, but only TCP connections (which seem to be encrypted).

On the other hand, if I try to access to an HTTPS web server, Wireshark is telling me that the protocol in use is TLS. I'm quite confuse now.

So here are my questions : Is my connection even so working on TLS ? If not, what could be the problem (Could it be the port 8443 which is not the HTTPS' standard port ?) ?

Let me know if I'm not really clear, or if I didn't give enough informations.

Best regards, PDauph.

Answer 1

I suspect that your connection is using TLS. Wireshark does not automatically recognize all protocols. It uses heuristics, including the port number, to try to determine the layered protocols on a connection. If you are using a non-standard port (like 8443) then Wireshark probably isn't interpreting the connection as TLS even though it actually is.

You can manually tell Wireshark to decode a connection as a specific protocol when it doesn't choose the correct one by itself. Right-click on one of the packets and choose "Decode As..." from the context menu. Then choose SSL as the Transport protocol. Wireshark should now try to parse the connection as a SSL/TLS stream.

Here is the documentation on Wireshark decoding.