Wireshark-bugs: [Wireshark-bugs] [Bug 8075] New: The SSL dissector stops decrypting the SSL conv
Date: Mon, 10 Dec 2012 10:00:30 +0000
Bug ID 8075
Summary The SSL dissector stops decrypting the SSL conversation with Malformed Packet:SSL error messages
Classification Unclassified
Product Wireshark
Version 1.8.3
Hardware x86
OS Windows 7
Status UNCONFIRMED
Severity Major
Priority Low
Component Dissection engine (libwireshark)
Assignee bugzilla-admin@wireshark.org
Reporter jgreyling@gmail.com

Build Information:

--
When using the following methods to capture TCP sessions we're only able to
decrypt parts of the SSL conversation. We've used Wireshark, TShark and dumpcap
to capture. I've ensured that there is '0' dropped packets. This is for HTTPS
conversations between a mobile client and webserver (ZXTM). The client
(browser) is not experiencing any problems but I'm only able to decrypt parts
of the conversation in Wireshark. At some point during the conversation I start
to get Malformed Packet: SSL errors from the server to the client. As this
point I'm unable to decrypt the rest of the conversation at all.

We took the pcap's off an inline TAP. To eliminate the TAP as the problem, we
decided to capture directly off the webserver (Red Hat Linux). When we reviewed
the files we could see exactly the same behavior on the webserver capture,
eliminating the network switching layer? The webserver is using hardware
checksum and TCP segment offloading.

We've worked extensively with Jasper who suggested we should open a bug report.
I have plenty of pcap examples if someone wants to take a look at it.

Thx!

Jaco


You are receiving this mail because:
  • You are watching all bug changes.