Wireshark mailing list archives

Re: ssl digestor truncates the Server Hello ?


From: Sake Blok <sake () euronet nl>
Date: Wed, 19 Dec 2012 18:06:10 +0100

Arnaud,

The SSL dissector is not able to reassemble all of its data as the first TCP segment of the SSL record is received 
out-of-order. The Certificate message starts in a second SSL record in frame 8 (the first SSL record in that frame 
contains the ServerHello) and frame 6 is the continuation of that SSL record. There is a bug open to enhance reassembly 
to include cases where the first segment of a higher protocol PDU (like the SSL record in this case) is received 
out-of-order. I don't have the bug-id at hand now...

Cheers,
Sake



On 19 dec 2012, at 17:50, Arnaud grandville wrote:

Hi everyone,

I'm using Wireshark to analyze an https connection, but I encounter a problem with the ssl digestor.
In response to the Client Hello (#4), I expected to get a Server Hello response with some additional information 
like:
- TLSv1 Record Layer: Handshake Protocol: Server Hello
- TLSv1 Record Layer: Handshake Protocol: Certificate
- TLSv1 Record Layer: Handshake Protocol: Server Key Exchange
- TLSv1 Record Layer: Handshake Protocol: Server Hello Done
But, as my joined capture shows, the packet #8 contains only "TLSv1 Record Layer: Handshake Protocol: Server Hello" 
whereas the binary stream contains some additional information (certificates ...)

Do you have any idea?

Thanks
Arnaud
<Google.pcap>
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
            mailto:wireshark-users-request () wireshark org?subject=unsubscribe
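
The situation described in the reply above, as a simplified model added here (not Wireshark's code and not part of the thread): a server flight is split inside the Certificate record and the continuation is captured before the segment that starts the record. The record sizes, the segment boundary, the sequence numbers and all function names are constructed for illustration.

```python
import struct

HS_TYPES = {2: "Server Hello", 11: "Certificate",
            12: "Server Key Exchange", 14: "Server Hello Done"}

def record(hs_type, body_len):
    """One TLSv1 handshake record holding a single zero-filled handshake message."""
    hs = bytes([hs_type]) + body_len.to_bytes(3, "big") + bytes(body_len)
    return struct.pack("!BHH", 22, 0x0301, len(hs)) + hs

def parse_records(stream):
    """Name the handshake message in each complete record; stop at a partial one."""
    names, off = [], 0
    while off + 5 <= len(stream):
        ctype, _version, length = struct.unpack_from("!BHH", stream, off)
        if ctype != 22 or off + 5 + length > len(stream):
            break
        names.append(HS_TYPES.get(stream[off + 5], "Unknown"))
        off += 5 + length
    return names

def stitch(segments, next_seq):
    """Append each segment only if it is the next one in sequence when visited."""
    stream = b""
    for seq, payload in segments:
        if seq == next_seq:
            stream += payload
            next_seq += len(payload)
    return stream

def dissect_as_captured(segments, first_seq):
    """Simplified model of the limitation: early out-of-order data is never joined."""
    return parse_records(stitch(segments, first_seq))

def dissect_by_sequence(segments, first_seq):
    """Order segments by TCP sequence number before parsing the records."""
    return parse_records(stitch(sorted(segments), first_seq))

# Constructed server flight; sizes and the segment boundary are made up.
FIRST_SEQ = 1
flight = record(2, 70) + record(11, 1000) + record(12, 300) + record(14, 0)
CUT = 400  # falls inside the Certificate record
frame8 = (FIRST_SEQ, flight[:CUT])        # Server Hello + start of Certificate
frame6 = (FIRST_SEQ + CUT, flight[CUT:])  # continuation, captured first
capture = [frame6, frame8]

print(dissect_as_captured(capture, FIRST_SEQ))
print(dissect_by_sequence(capture, FIRST_SEQ))
```

In capture order only the Server Hello record is complete, which matches what packet #8 shows; ordering by sequence number recovers all four handshake messages.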
