http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1132
Summary: TLS decryption incorrectly decrypting http packet?
Product: Wireshark
Version: 0.99.4
Platform: PC
OS/Version: Windows XP
Status: NEW
Severity: Major
Priority: High
Component: Wireshark
AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
ReportedBy: phantal@xxxxxxxxx
Build Information:
--
--
The SSL dissector occasionally gets 2+ TLSv1 records mixed in a single
packet:
Secure Socket Layer
-TLSv1 Record Layer: Application Data Protocol: http
...
Length: 193
...
-TLSv1 Record Layer: Application Data Protocol: http
...
Length: 322
...
This is also creating two separate new data sources, which the http dissector
picks up on. Oddly enough, even though both records seem to contain very
different information, the http dissector produces two separate trees with
identical information. Both http trees show Content-Length: 306, and have the
same initial bytes.
Another thing I'm noticing is that each of the packets exhibiting this
problem seems to be missing some data. I get ahold of them after the http
dissector gets to them, and the data should be formatted with 2 bytes
indicating the length of some data that follows the 2 bytes. Following that
data should either be another set of length bytes, or two bytes with value of
0. Those two bytes are missing every time this happens.
I have a pcap file containing an example, and the server I'm using is an
internal devbox with a private key that gets randomly re-assigned fairly
regularly, so I don't feel uncomfortable about giving you this information to
work on the problem.
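
Added example (not part of the original report and not Wireshark code): a triage helper that splits one TCP segment into TLS records by the 5-byte record header, and walks the 2-byte length-prefixed chunk format described above to see whether the terminating zero length is present. The function names, the big-endian length prefix and the sample bytes are assumptions constructed for illustration; the record lengths 193 and 322 are taken from the report.

```python
import struct

TLS_HEADER = struct.Struct("!BHH")  # content type, version, fragment length


def split_tls_records(segment: bytes):
    """Return ([(content_type, version, fragment), ...], leftover_bytes)."""
    records, offset = [], 0
    while len(segment) - offset >= TLS_HEADER.size:
        ctype, version, length = TLS_HEADER.unpack_from(segment, offset)
        end = offset + TLS_HEADER.size + length
        if end > len(segment):      # record continues in the next TCP segment
            break
        records.append((ctype, version, segment[offset + TLS_HEADER.size:end]))
        offset = end
    return records, segment[offset:]


def walk_chunks(data: bytes):
    """Walk 2-byte length-prefixed chunks; return (chunks, terminated)."""
    chunks, offset = [], 0
    while len(data) - offset >= 2:
        (length,) = struct.unpack_from("!H", data, offset)  # assumed big-endian
        offset += 2
        if length == 0:
            return chunks, True     # two zero bytes: end marker present
        if offset + length > len(data):
            return chunks, False    # chunk runs past the available data
        chunks.append(data[offset:offset + length])
        offset += length
    return chunks, False            # data ended before the end marker


def _record(fragment: bytes) -> bytes:
    # Constructed record: application data (type 23), TLS 1.0 (0x0301).
    return TLS_HEADER.pack(23, 0x0301, len(fragment)) + fragment


# Constructed sample input: two records in one segment, placeholder fragments.
SEGMENT = _record(b"A" * 193) + _record(b"B" * 322)
GOOD = b"\x00\x03abc\x00\x02de\x00\x00"   # two chunks plus zero terminator
BAD = GOOD[:-2]                           # same data, terminator missing

if __name__ == "__main__":
    recs, rest = split_tls_records(SEGMENT)
    print([len(f) for _, _, f in recs], len(rest))
    print(walk_chunks(GOOD)[1], walk_chunks(BAD)[1])
```

Running the chunk walker on the decrypted payload of each record separately, and on their concatenation, shows whether the two zero bytes are absent from the data or only from one of the reassembled views.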