Comment #20 on bug 12793 from Peter Wu
(In reply to Andre Luyer from comment #18)
> Maybe there is another way: in case of a resumed session both ServerHello
> and ChangeCipherSpec will be in the same frame (so that frame is either
> filtered or not), otherwise it is not resumed. (In theory it could be split
> over two frames, but then the TLS is badly implemented on the server.)
> So that should work in case of a -R filter too -- as long as the capture is
> not snapped.
The TLS protocol does not require records to be merged into a single TCP
segment, so there might be a case where a false negative exists (resulting in
inability to resume using session tickets). I think that the current heuristics
should be good enough.
> And use ClientHello to reset the ssl state to handle the renegotiated
> session(s) correctly.
If you are unlucky, packets are re-ordered and the Client Hello comes just
after the Server Hello in the pcap. I don't know if this generally causes other
issues, but it was taken into consideration for the patch.
> See you at SharkFest16(?)!
See you at SharkFest Europe? :) https://sharkfesteurope.wireshark.org/
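
Added example (not part of the original comment and not Wireshark's dissector code): a sketch of the false negative discussed above, comparing a same-frame check for ServerHello plus ChangeCipherSpec with the same check on the reassembled server-to-client stream. The function names and sample records are constructed for illustration, and handshake messages are assumed not to be fragmented across records.

```python
import struct

HANDSHAKE, CHANGE_CIPHER_SPEC = 22, 20      # TLS record content types
SERVER_HELLO, SERVER_HELLO_DONE = 2, 14     # TLS handshake message types

def record(ctype, payload):  # build one TLS 1.2 record (sample data only)
    return struct.pack("!BHH", ctype, 0x0303, len(payload)) + payload
def hs(msg_type, body=b""):  # handshake message: type, 24-bit length, body
    return bytes([msg_type]) + len(body).to_bytes(3, "big") + body

def iter_records(data):
    """Yield (content_type, payload) for each complete record in data."""
    off = 0
    while off + 5 <= len(data):
        ctype, _version, length = struct.unpack_from("!BHH", data, off)
        if off + 5 + length > len(data):
            break                            # truncated (snapped) record
        yield ctype, data[off + 5:off + 5 + length]
        off += 5 + length

def is_resumed(data):
    """True if ChangeCipherSpec follows ServerHello with no ServerHelloDone."""
    seen_hello = False
    for ctype, payload in iter_records(data):
        if ctype == CHANGE_CIPHER_SPEC:
            return seen_hello
        off = 0
        while ctype == HANDSHAKE and off + 4 <= len(payload):
            if payload[off] == SERVER_HELLO:
                seen_hello = True
            elif payload[off] == SERVER_HELLO_DONE:
                return False                 # full handshake, not resumed
            off += 4 + int.from_bytes(payload[off + 1:off + 4], "big")
    return False

def same_frame_resumed(segments):
    """Per-frame check: ServerHello and ChangeCipherSpec in one segment."""
    return any(is_resumed(seg) for seg in segments)

def stream_resumed(segments):
    """Same check on the reassembled server-to-client byte stream."""
    return is_resumed(b"".join(segments))

# Constructed samples (not from a real capture): one list item per TCP segment.
HELLO = record(HANDSHAKE, hs(SERVER_HELLO, bytes(38)))
CCS_FIN = record(CHANGE_CIPHER_SPEC, b"\x01") + record(HANDSHAKE, bytes(40))
ONE_FRAME = [HELLO + CCS_FIN]                # resumed, records share a segment
SPLIT = [HELLO, CCS_FIN]                     # resumed, records in two segments
FULL = [HELLO + record(HANDSHAKE, hs(SERVER_HELLO_DONE)), CCS_FIN]
```

With SPLIT the same-frame check reports "not resumed" while the stream check still recognises the abbreviated handshake; FULL is rejected by both.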