Our security auditor is requiring I show them the exact cipher our SSL-VPN traffic is using. I have captured a packet from our firewall and am deciphering it in WireShark. In the Client Hello, it shows that the two ends are using TLS1.2 and will accept 19 different ciphers, 18 AES128 or AES256 and 1 DES. But I can't find where it says which cipher they eventually agree on and use. Where do I find exactly what cipher is being used in their communications? Any help will be GREATLY appreciated, as these auditors are driving me crazy, lol.
