Wireshark · Wireshark-bugs: [Wireshark-bugs] [Bug 10661] New: SSL: handle multiple handshake records in multiple tcp segments

[bugzilla-daemon@xxxxxxxxxxxxx]

Bug ID	10661
Summary	SSL: handle multiple handshake records in multiple tcp segments
Product	Wireshark
Version	1.99.x (Experimental)
Hardware	All
OS	All
Status	UNCONFIRMED
Severity	Trivial
Priority	Low
Component	Dissection engine (libwireshark)
Assignee	bugzilla-admin@wireshark.org
Reporter	uh@heilmeier.eu

Created attachment 13228 [details]
Sample pcap with multiple records in mutliple tcp segments

Build Information:
Wireshark 1.99.1 (v1.99.1rc0-429-ge2f2e18 from unknown)

Copyright 1998-2014 Gerald Combs <gerald@wireshark.org> and contributors.
License GPLv2+: GNU GPL version 2 or later
<http://www.gnu.org/licenses/old-licenses/gpl-2.0.html>
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (32-bit) with Qt 4.8.2, with libpcap, without POSIX capabilities,
without libnl, with libz 1.2.7, with GLib 2.32.4, with SMI 0.4.8, without
c-ares, without ADNS, with Lua 5.2, with GnuTLS 2.12.20, with Gcrypt 1.5.0,
without Kerberos, without GeoIP, without PortAudio, with AirPcap.

Running on Linux 3.2.0-4-686-pae, with locale en_GB.UTF-8, with libpcap version
1.3.0, with libz 1.2.7, with GnuTLS 2.12.20, with Gcrypt 1.5.0, without
AirPcap.

Built using gcc 4.7.2.

--
During a SSL handshake a sever often sends multiple handshake records (e.g.
Certificate, Server Key Exchange, Server Hello Done) in multiple tcp segments.

Currently only the first record is shown in the Information column and further
records are only shown in the tree as a new (second) SSL layer.

You can see this behaviour with the attached pcap example.

I made a patch (and will push it to gerrit) to extend the desegment_len when
the ssl record type is a handshake message.

---

      You are receiving this mail because:

• You are watching all bug changes.