I am using Wireshark to see if a little FTP client we wrote is using TLS v1.0, v1.1, or v1.2.
In the "protocol" column, I see TLS 1.2 listed on some things, but when I filter to only the FTP IP addresses, all I see is TCP. I do not see any indication which TLS version it is using, or if FTP uses TLS at all…?
Is there a way I can tell which TLS version this FTP program is using?
Best Answer
In Wireshark, you should see a packet marked
TLSv1.x Client Hello
right after the TCP socket is SYN/ACKed.Additionally, your client can check the socket parameters once it's established - however, this involves coding and is off-topic here. Moreover, the server logs should indicate if and what TLS version is used.
FTPS over TCP port 990 uses implicit SSL/TLS - when the client see the socket come up it's already encrypted, the client doesn't use
STARTTLS
.