When using physical IP address, at first it is TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA and then it changes to TLS_RSA_AES_128_SHA.
Using VS, the return sometimes does not have any information about SSL.
Below is my http capture:
-------------------------------------------------------------------------------------------------------------------------------------------
With VS (without SSL info):
Client:
CONNECT x.x.x:8080 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:16.0) Gecko/20100101 Firefox/16.0
Connection: keep-alive
Host: x.x.x:8080
A SSLv3-compatible ClientHello handshake was found. Fiddler extracted the parameters below.
Major Version: 3
Minor Version: 1
Random: 50 9A 1D C7 79 51 BD 0B BD 42 9E 8B 51 89 02 80 23 35 C8 A0 72 62 AE 85 51 E8 E8 8D 19 A4 75 86
SessionID: E6 E6 37 F0 41 E0 D2 4F A1 9A 31 A7 32 75 C8 77 CC 55 37 CB FD F1 63 B6 3F 35 7F 05 7B 92 30 5D
Ciphers:
[Cipher suites]
Compression:
[00] NO_COMPRESSION
Server:
HTTP/1.1 200 Connection Established
FiddlerGateway: Direct
StartTime: 16:37:59.255
Connection: close
EndTime: 16:38:04.933
ClientToServerBytes: 1658
ServerToClientBytes: 7356
---------------------------------------------------------------------------------------------------------------------------------------------------
With VS (with SSL info):
Client:
CONNECT x.x.x.x:8080 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:16.0) Gecko/20100101 Firefox/16.0
Connection: keep-alive
Host: x.x.x.x:8080
A SSLv3-compatible ClientHello handshake was found. Fiddler extracted the parameters below.
Major Version: 3
Minor Version: 1
Random: 50 9A 1E 28 C2 2E DC F3 3E D7 CD 3D 9F 9A AE D6 D6 09 6E 7D 3E C4 4D 5D 7A BF 06 37 01 43 B7 A6
SessionID: empty
Ciphers:
[Cipher suites]
Compression:
[00] NO_COMPRESSION
Server:
HTTP/1.1 200 Connection Established
FiddlerGateway: Direct
StartTime: 16:36:48.228
Connection: close
EndTime: 16:36:53.797
ClientToServerBytes: 1557
ServerToClientBytes: 12572
This is a CONNECT tunnel, through which encrypted HTTPS traffic flows.
To view the encrypted sessions inside this tunnel, enable the Tools > Fiddler Options > HTTPS > Decrypt HTTPS traffic option.
A SSLv3-compatible ServerHello handshake was found. Fiddler extracted the parameters below.
Major Version: 0
Minor Version: 0
SessionID: 5A 02 16 3B F8 46 AD 22 B2 4F B2 D7 89 85 AC BC 90 37 F8 43 1C BE 0F B6 E8 15 90 99 BF F7 93 C2 9A E8 B9 FC B6 D9 0E 23 74 81 AF 0F FE 33 21 50 35 49 DC BA 4F A7 76 BF 2F 6B 55 E5 81 CD 25 AF 44 9B F9 A9 10 A1 B4 AE 90 BD 9F 18 70 3B F3 89 89 29 C8 AD 91 03 7F 03 11 78 DD B4 99 C5 3F 84 A9 AA DB 72 C3 DA C7 42 91 65 FC 6E 6D CA D7 B6 F9 F0 F2 80 8C 75 B9 F0 D9 CE 05 93 CA C1 69 85 22 A4 A4 F3 86 4B E4 81 B5 96 42 0F B8 8A 2F D2 2C 16 24 90 C4 8C A0 62 BF 94 79 42 0A 4D 4A E2 AF 1C 29 A3 11 FD 09 2A 9F A2 AD 6F 64 7E D9 C7 05 67 DA 14 03 01 00 01 01 16 03 01 00 30 44 8A BC 0D 7A 1C C4 DC 49 FB C5 04 6E 01 60 E7 E6 50 13 2F 1B 9E 5A FD A5 DC D4 A7 4C 0E
Random: 01 2C 00 D0 4F 6F 1B 2A 24 13 C7 C0 BF F3 F2 0A DF F7 1C 5E 28 13 DE DF 65 D8 02 71 D6 44 66 EC
Cipher: Unrecognized cipher - See http://www.iana.org/assignments/tls-parameters/ [0xCE1B]
CompressionSuite: Unrecognized compression format [0x2D]
Extensions:
none
---------------------------------------------------------------------------------------------------------------------------------------------------------------
With Physical:
Client:
CONNECT x.x.x.x:8080 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:16.0) Gecko/20100101 Firefox/16.0
Connection: keep-alive
Host: x.x.x.x:8080
A SSLv3-compatible ClientHello handshake was found. Fiddler extracted the parameters below.
Major Version: 3
Minor Version: 1
Random: 50 9A 1E 69 60 03 25 A4 E2 65 BC 96 BC E0 A1 3C C5 5F E0 97 B9 3F 81 C9 30 B8 DE EC 72 7F 50 1C
SessionID: empty
Ciphers:
[Cipher suites]
Compression:
[00] NO_COMPRESSION
Server:
HTTP/1.1 200 Connection Established
FiddlerGateway: Direct
StartTime: 16:40:09.258
Connection: close
EndTime: 16:40:09.305
ClientToServerBytes: 383
ServerToClientBytes: 5075
This is a CONNECT tunnel, through which encrypted HTTPS traffic flows.
To view the encrypted sessions inside this tunnel, enable the Tools > Fiddler Options > HTTPS > Decrypt HTTPS traffic option.
A SSLv3-compatible ServerHello handshake was found. Fiddler extracted the parameters below.
Major Version: 3
Minor Version: 1
SessionID: empty
Random: 50 9A 1E B7 5F EE 0E 1D A4 B6 06 6C 9A 4A 4E AE A6 5D CC 8B 3B 70 9D 66 23 A9 EE 37 6E 02 79 4E
Cipher: TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA [0x0088]
CompressionSuite: NO_COMPRESSION [0x00]
Extensions:
renegotiation_info 00
SessionTicket TLS empty