I use apache.httpcomponent.httpcore and httpclient version 4.3, and I want to use httpclient to post to my https server. But when I use Wireshark to capture packets, the packets are shown as TCP, not TLS. Can anyone tell me why?
The following code is how I configure the SSLContext with a trust manager. I load the server's certificate into the trust manager.

    SSLContext ctx = null;
    String keystoreName = "/Users/user/ec_key/in_keystore";
    char[] password = "123456".toCharArray(); // keystore's password
    TrustManagerFactory tmf = null;
    // try-with-resources closes the stream even if loading fails
    try (FileInputStream fIn = new FileInputStream(keystoreName)) {
        KeyStore keystore = KeyStore.getInstance("JKS");
        keystore.load(fIn, password); // load the keystore
        // TrustManagerFactory.getDefaultAlgorithm() = PKIX
        tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(keystore);
        ctx = SSLContext.getInstance("TLSv1.2");
        // initialize the SSLContext
        ctx.init(null, tmf.getTrustManagers(), new java.security.SecureRandom());
    } catch (IOException | GeneralSecurityException e) {
        // covers FileNotFoundException, KeyStoreException, NoSuchAlgorithmException,
        // CertificateException and KeyManagementException
        e.printStackTrace();
    }
    // create the SSLConnectionSocketFactory
    SSLConnectionSocketFactory factory = new SSLConnectionSocketFactory(ctx);
    CloseableHttpClient httpClient = HttpClientBuilder.create()
            .setSSLSocketFactory(factory)
            .disableAutomaticRetries()
            .build();
    // execute the HTTP method
    HttpResponse httpResponse = httpClient.execute(method);

I use a self-signed certificate for the server, and I use

    openssl s_client -connect 127.0.0.1:8443/webpage -CAfile test-ca.crt

to connect to my server. test-ca.crt is the certificate for my own CA. The result is a verify return code of 0 (ok). So my server works.
The captured packets are fine. Wireshark decodes for display based on (mostly) the ports used as source and/or destination. It knows some standard ports like 443 and 465 are SSL/TLS but it does not know 8443.
Right-click a packet for this session in the message-list pane and choose Decode As..., or select a packet and click Analyze / Decode As...; in version 2, click the '+' (add) button. Then adjust the port value if necessary (to 8443) and in the right-hand pulldown (or in the version 1 listbox) select SSL.
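
Added example (not part of the original answer): a Python check that recognizes TLS records from the bytes of a TCP payload instead of from the port number, so traffic on 8443 can be confirmed as TLS independently of Wireshark's port mapping. The sample payloads are constructed for illustration, and `parse_tls_records` is a name chosen here.

```python
import struct

# TLS record header (RFC 5246, section 6.2.1): type(1) | version(2) | length(2)
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}
VERSIONS = {(3, 0): "SSL 3.0", (3, 1): "TLS 1.0",
            (3, 2): "TLS 1.1", (3, 3): "TLS 1.2"}
MAX_RECORD_LEN = 2**14 + 2048  # upper bound for TLSCiphertext.length


def parse_tls_records(payload: bytes):
    """Return [(content_type, record_version, length), ...] for a TCP payload.

    Returns [] as soon as a header does not look like a TLS record, so
    plaintext such as HTTP yields an empty list. The port is never consulted.
    """
    records, offset = [], 0
    while offset + 5 <= len(payload):
        ctype, major, minor, length = struct.unpack_from("!BBBH", payload, offset)
        if (ctype not in CONTENT_TYPES or (major, minor) not in VERSIONS
                or length > MAX_RECORD_LEN):
            return []
        records.append((CONTENT_TYPES[ctype], VERSIONS[(major, minor)], length))
        # Skip the record body; it may continue in the next TCP segment.
        offset += 5 + length
    return records


# Constructed samples (not captured traffic): the first bytes a client could
# send to port 8443 when speaking TLS versus plaintext HTTP.
SAMPLE_TLS = (bytes([22, 3, 3, 0, 4]) + b"\x01\x00\x00\x00"   # handshake stub
              + bytes([20, 3, 3, 0, 1]) + b"\x01")            # change_cipher_spec
SAMPLE_HTTP = b"POST /webpage HTTP/1.1\r\nHost: 127.0.0.1:8443\r\n\r\n"

if __name__ == "__main__":
    for name, data in (("tls", SAMPLE_TLS), ("http", SAMPLE_HTTP)):
        print(name, parse_tls_records(data) or "not TLS")
```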