Wireshark-bugs: [Wireshark-bugs] [Bug 12793] Expert Info ssl.resumed incorrect after TLS renegot

Date: Fri, 09 Sep 2016 13:06:28 +0000

Comment # 20 on bug 12793 from
(In reply to Andre Luyer from comment #18)

> Maybe there is another way: in case of a resumed session both ServerHello
> and ChangeCipherSpec will be in the same frame (so that frame is either
> filtered or not), otherwise it is not resumed. (In theory it could be spilt
> over two frames, but then the TLS is badly implemented on the server.)
> So that should work in case of a -R filter too -- as long as the capture is
> not snapped.

The TLS protocol does not require records to be merged into a single TCP
segment, so there might be a case where a false negative exists (resulting in
inability to resume using session tickets). I think that the current heuristics
should be good enough.

> And use ClientHello to reset the ssl state to handle the renegotiated
> session(s) correctly.

If you are unlucky, packets are re-ordered and the Client Hello comes just
after the Server Hello in the pcap. I don't know if this generally causes other
issues, but it was taken into consideration for the patch.

> See you at SharkFest16(?)!

See you at SharkFest Europe? :) https://sharkfesteurope.wireshark.org/


You are receiving this mail because:
  • You are watching all bug changes.