Wireshark-users: [Wireshark-users] Analyzing TLS handshake packets

From: Manjesh HS <manjesh29hs@xxxxxxxxx>
Date: Thu, 14 Dec 2017 16:21:11 +0530

Hi Wireshark User Community,
In my project, there is a LDAP client utility and a LDAP server utility running on different nodes in the TCP/IP network. There is a need to establish TLS (LDAPS) connection mode of communication between them in order to exchange some information.

This functionality is broken recently. A TCP dump file was generated on the problematic setup to analyze the TLS handshake mechanism. When it was analyzed through Wireshark tool, it is reporting that the "Client Hello" packet generated by LDAPS client utility (the one that initiates TLS handshake), as a malformed packet by reporting an error as "compression methods length", incompatible as per the protocol specifications. We are suspectingthat the TLS protocol specifications are violated during this TLS handshake.

The screenshot of the same has been attached with this mail.

How this issue can happen ? What are the factors that can lead to such an issue ? Is it an issue with incompatible versions of openSSL/TLS/cipher suite between client and server ?

Please share your suggestions/comments in order to investigate this issue further.


- Manjesh.

Attachment: screenshot_1.png
Description: PNG image