Comment # 21
on bug 9515
from Peter Wu
Detection of a STARTTLS request and acknowledgement requires assistance from
the dissector. There is a recognizable pattern for dissectors in doing this,
but this is so tiny that it would not be worth to provide helpers for this I
think.
Now, Evan is suggesting to make the upper layers (TCP/UDP/...) aware of marking
the lower layer as TLS-encapsulated, but wouldn't this move complexity to the
all of the TCP/UDP/... protocols?
I've just pushed an updated patch that fixes a desegmentation issue, but it
still has a problem with fragmentation of a SSL record over multiple TCP
segments (the first segment is correctly dissected as SSL, but following
reassembled segments are treated as the protocol instead of SSL|protocol).
Here is the link to the fragmented SSL capture (if it is not already on the
wiki, I'll upload it there later):
https://git.lekensteyn.nl/peter/wireshark-notes/commit/tls/mysql-ssl-larger.pcapng?id=818f97811ee7d9b4c5b2d0d14f8044e88787bc01
I'll think more about it while at FOSDEM.
You are receiving this mail because:
- You are watching all bug changes.
