I was working on an issue that ultimately was attributed to a proxy not having the correct certificate installed to enable it to proxy SSL connections to a website on my side. Initial captures showed a TLS client hello followed by a server hello but never
a change cipher spec packet. When we discovered the certificate/proxy issue we ran another capture for comparison’s sake but there wasn’t any discrepancy apparent in the good and bad captures. Packets do follow the hello exchange in both cases but the client
eventually received a 503 error when it was broken. I’m looking for anyone who has had a similar experience with troubleshooting SSL proxy issues and has seen this in a capture. I guess what I’m hoping to learn is a shortcut in determining if an SSL proxy
is in the mix by the lack of change cipher spec packets in the capture. This is a screenshot of a good sample. No change cipher ever comes up.
Thank you
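A way to confirm which TLS records a capture actually contains, added here as an example and not part of the original post: the sketch below walks the raw record headers in one direction of a reassembled TCP stream and labels each record, so the presence or absence of a change_cipher_spec record (content type 20) after the hellos can be read directly from the bytes. The function names and the sample bytes are constructed for illustration, and it assumes each plaintext handshake message fits inside a single record.

```python
import struct

# TLS record content types and the handshake message types sent in the clear
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}
HANDSHAKE_TYPES = {1: "client_hello", 2: "server_hello", 11: "certificate",
                   12: "server_key_exchange", 14: "server_hello_done",
                   16: "client_key_exchange"}

def handshake_messages(body: bytes):
    """Names of the plaintext handshake messages packed into one record."""
    names, pos = [], 0
    while pos + 4 <= len(body):
        msg_len = int.from_bytes(body[pos + 1:pos + 4], "big")
        names.append(HANDSHAKE_TYPES.get(body[pos], f"handshake_{body[pos]}"))
        pos += 4 + msg_len
    return names

def walk_records(stream: bytes):
    """Label every TLS record in one direction of a reassembled TCP stream."""
    labels, offset, encrypted = [], 0, False
    while offset + 5 <= len(stream):
        ctype, major, _minor, length = struct.unpack_from("!BBBH", stream, offset)
        if ctype not in CONTENT_TYPES or major != 3:
            raise ValueError(f"no TLS record header at offset {offset}")
        body = stream[offset + 5:offset + 5 + length]
        if len(body) < length:  # capture ended mid-record
            labels.append("truncated_record")
            break
        if ctype == 22 and not encrypted:
            labels.extend(handshake_messages(body))
        elif ctype == 22:  # after change_cipher_spec the body is ciphertext
            labels.append("encrypted_handshake")
        else:
            labels.append(CONTENT_TYPES[ctype])
        encrypted = encrypted or ctype == 20
        offset += 5 + length
    return labels

def record(ctype: int, body: bytes) -> bytes:
    """Build a TLS 1.2 record; helper for the constructed sample only."""
    return struct.pack("!BBBH", ctype, 3, 3, len(body)) + body

# Constructed sample (filler bodies): server side of a TLS 1.2 handshake.
SAMPLE = (record(22, b"\x02\x00\x00\x02AB" + b"\x0e\x00\x00\x00")
          + record(20, b"\x01")
          + record(22, b"\x9f" * 16)
          + record(23, b"\x00" * 8))
```

Running `walk_records` over the same direction of a good and a bad capture gives two label lists that can be compared side by side.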