Wireshark-bugs: [Wireshark-bugs] [Bug 9515] TLSV1 "Ignored Unknown Record"

Date Prev · Date Next · Thread Prev · Thread Next
Date: Sat, 31 Jan 2015 23:14:05 +0000

Comment # 21 on bug 9515 from
Detection of a STARTTLS request and acknowledgement requires assistance from
the dissector. There is a recognizable pattern for dissectors in doing this,
but this is so tiny that it would not be worth to provide helpers for this I
think.

Now, Evan is suggesting to make the upper layers (TCP/UDP/...) aware of marking
the lower layer as TLS-encapsulated, but wouldn't this move complexity to the
all of the TCP/UDP/... protocols?

I've just pushed an updated patch that fixes a desegmentation issue, but it
still has a problem with fragmentation of a SSL record over multiple TCP
segments (the first segment is correctly dissected as SSL, but following
reassembled segments are treated as the protocol instead of SSL|protocol).

Here is the link to the fragmented SSL capture (if it is not already on the
wiki, I'll upload it there later):
https://git.lekensteyn.nl/peter/wireshark-notes/commit/tls/mysql-ssl-larger.pcapng?id=818f97811ee7d9b4c5b2d0d14f8044e88787bc01

I'll think more about it while at FOSDEM.


You are receiving this mail because:
  • You are watching all bug changes.