At which layer can I capture "Server HELLO" so that I can capture cipher and the server certificate

  • Question

  • Hello,

    I am writing a WFP kernel mode component.

    I want to capture certain details about a TLS connection when the TLS connection is being established.

    I would like to capture

    1. TLS version

    2. The cipher selected by the server  

    3. The certificate details

    I would like to know in which layer I can capture this information.

    • FWPM_LAYER_ALE_FLOW_ESTABLISHED_V4 - will this layer give me the needed information?

    Thanks in advance.

    • Edited by syssegv Tuesday, August 27, 2019 5:46 AM
    Monday, August 26, 2019 9:53 AM

All replies

  • Can someone please help me here? Thanks.
    Wednesday, August 28, 2019 10:16 AM
  • Hi,

    I have escalated the problem and reported it to the engineer concerned. He will continue to follow up on this case.

    Best regards,


    MSDN Community Support

    Friday, August 30, 2019 6:44 AM