Good Afternoon,
Wireshark 1.0.3 is displaying a specific SSLv3 packet as “Change
Cipher Spec, Encrypted Handshake Message”, while Ethereal 1.1.0 displays
it as “Change Cipher Spec, Certificate Request[Malformed Packet]”.
Normally I would think the newer software is showing it
correctly. However, I am expecting to see a certificate request somewhere
in the capture, but Wireshark is not showing it. I know it is happening because
the web browser (firefox 3.0.1) is prompting me to choose a client
certificate. The server is IIS 6.0.
Is it possible that IIS is sending the certificate request after
an SSL session has been established? Or is Wireshark 1.0.3 incorrectly
displaying this packet?
Thanks,
Michael Ryerse
|
Attachment:
CertRequest.pcap
Description: CertRequest.pcap