Wireshark mailing list archives
Re: ssl digestor truncates the Server Hello ?
From: Sake Blok <sake () euronet nl>
Date: Wed, 19 Dec 2012 18:06:10 +0100
Arnaud, The SSL dissector is not able to reassemble all of its data as the first TCP of the SSL record is received out-of-order. The Certificate message starts in a second SSL record in frame 8 (the first SSL record in that frame contains the ServerHello) and frame 6 is the continuation of that SSL record. There is a bug open to enhance reassembly to include cases where the first segment of a higher protocol PDU (like the SSL record in this case) is received out-of-order. I don't have the bug-id at hand now... Cheers, Sake On 19 dec 2012, at 17:50, Arnaud grandville wrote:
Hi everyone, I'm using WireShark to analyze an https connection, but I encounter a problem with the ssl digestor. In response to the Client Hello (#4), I expected to get a Server Hello response with some additional informations like: - TLSv1 Record Layer: Handshake Protocol: Server Hello - TLSv1 Record Layer: Handshake Protocol: Certificate - TLSv1 Record Layer: Handshake Protocol: Server Key Exchange - TLSv1 Record Layer: Handshake Protocol: Server Hello Done But, as my joined capture shows, the packet #8 contains only "TLSv1 Record Layer: Handshake Protocol: Server Hello" whereas the binary streams contains some additional informations (certificates ....) Do you have any idea ? Thank's Arnaud <Google.pcap>___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe
___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Current thread:
- ssl digestor truncates the Server Hello ? Arnaud grandville (Dec 19)
- Re: ssl digestor truncates the Server Hello ? Sake Blok (Dec 19)