by tialaramex
2175 days ago
The really labour-intensive thing you could do goes like this:

1. Get a nice shiny modern Wireshark
2. Tell Firefox you want it to keep records of the session secrets that secure TLS. Set environment variable SSLKEYLOGFILE=/some/path/to/log/secret.keys
3. Packet capture the session you're interested in
4. Give Wireshark the packet capture (if not captured inside Wireshark itself) and the secret.keys
5. Now Wireshark can show the TLS session and you can see what went wrong in detail. So long as you didn't actually do anything secret you can give all these pieces to somebody else to look at.
6. Otherwise, after your investigation, destroy the secret.keys and optionally the packet capture itself.

I've used this level of effort to show a customer that, contrary to what they believed, they were not presenting the nice client certificate I'd issued them when connecting. It turned out to be a config difference between their staging and production systems or something. But they were absolutely insistent their software was being turned away despite using a client cert (we used mutual TLS) so it took posting a Wireshark capture proving otherwise to get them to actually investigate.
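An added example, not part of the original comment: step 5 mentions handing the capture and secret.keys to someone else, and a browser's key log holds secrets for every TLS connection made while the variable was set, so this Python script trims the file to the one session under investigation. It assumes the NSS key log line format (label, client random, secret) and that the session's client random is copied from the Random field of its Client Hello in Wireshark; `parse_keylog`, `filter_keylog` and the sample data are constructed for illustration.

```python
import re

# Labels of the NSS key log format: TLS 1.2 (CLIENT_RANDOM) and TLS 1.3.
LABELS = {
    "CLIENT_RANDOM", "CLIENT_EARLY_TRAFFIC_SECRET",
    "CLIENT_HANDSHAKE_TRAFFIC_SECRET", "SERVER_HANDSHAKE_TRAFFIC_SECRET",
    "CLIENT_TRAFFIC_SECRET_0", "SERVER_TRAFFIC_SECRET_0",
    "EARLY_EXPORTER_SECRET", "EXPORTER_SECRET",
}
# "<label> <32-byte client random in hex> <secret in hex>"
LINE = re.compile(r"^([A-Z0-9_]+) ([0-9a-fA-F]{64}) ((?:[0-9a-fA-F]{2})+)$")

def parse_keylog(text):
    """Return (entries, rejected_line_numbers); entries are (label, random, secret)."""
    entries, rejected = [], []
    for number, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments carry no secrets
        m = LINE.match(line)
        if m and m.group(1) in LABELS:
            entries.append((m.group(1), m.group(2).lower(), m.group(3).lower()))
        else:
            rejected.append(number)  # damaged or unsupported line, never copied
    return entries, rejected

def filter_keylog(text, wanted_randoms):
    """Return key log text holding only the secrets of the wanted sessions."""
    wanted = {r.lower() for r in wanted_randoms}
    entries, _ = parse_keylog(text)
    return "".join(f"{l} {r} {s}\n" for l, r, s in entries if r in wanted)

# Constructed sample: one TLS 1.2 session, one TLS 1.3 session, one damaged line.
R12, R13 = "aa" * 32, "bb" * 32
SAMPLE = "\n".join([
    "# constructed key log, not real secrets",
    f"CLIENT_RANDOM {R12} {'11' * 48}",
    f"CLIENT_HANDSHAKE_TRAFFIC_SECRET {R13} {'22' * 32}",
    f"SERVER_HANDSHAKE_TRAFFIC_SECRET {R13} {'33' * 32}",
    f"CLIENT_TRAFFIC_SECRET_0 {R13} {'44' * 32}",
    f"SERVER_TRAFFIC_SECRET_0 {R13} {'55' * 32}",
    f"CLIENT_RANDOM {R12[:10]} truncated",
]) + "\n"

if __name__ == "__main__":
    # Print only the TLS 1.3 session's secrets, ready to write to a new file.
    print(filter_keylog(SAMPLE, [R13]), end="")
```

The trimmed output is what goes to the other party alongside the capture; the full secret.keys is still destroyed as in step 6.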