| Bug ID |
10661
|
| Summary |
SSL: handle multiple handshake records in multiple tcp segments
|
| Product |
Wireshark
|
| Version |
1.99.x (Experimental)
|
| Hardware |
All
|
| OS |
All
|
| Status |
UNCONFIRMED
|
| Severity |
Trivial
|
| Priority |
Low
|
| Component |
Dissection engine (libwireshark)
|
| Assignee |
[email protected]
|
| Reporter |
[email protected]
|
Created attachment 13228 [details]
Sample pcap with multiple records in mutliple tcp segments
Build Information:
Wireshark 1.99.1 (v1.99.1rc0-429-ge2f2e18 from unknown)
Copyright 1998-2014 Gerald Combs <[email protected]> and contributors.
License GPLv2+: GNU GPL version 2 or later
<http://www.gnu.org/licenses/old-licenses/gpl-2.0.html>
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Compiled (32-bit) with Qt 4.8.2, with libpcap, without POSIX capabilities,
without libnl, with libz 1.2.7, with GLib 2.32.4, with SMI 0.4.8, without
c-ares, without ADNS, with Lua 5.2, with GnuTLS 2.12.20, with Gcrypt 1.5.0,
without Kerberos, without GeoIP, without PortAudio, with AirPcap.
Running on Linux 3.2.0-4-686-pae, with locale en_GB.UTF-8, with libpcap version
1.3.0, with libz 1.2.7, with GnuTLS 2.12.20, with Gcrypt 1.5.0, without
AirPcap.
Built using gcc 4.7.2.
--
During a SSL handshake a sever often sends multiple handshake records (e.g.
Certificate, Server Key Exchange, Server Hello Done) in multiple tcp segments.
Currently only the first record is shown in the Information column and further
records are only shown in the tree as a new (second) SSL layer.
You can see this behaviour with the attached pcap example.
I made a patch (and will push it to gerrit) to extend the desegment_len when
the ssl record type is a handshake message.
You are receiving this mail because:
- You are watching all bug changes.