Hello,
I am unable to decode a SSL capture that is using TLSv1. This is an application connecting to a BigIP VIP. I then used an IE browser to connect to the same VIP and it decoded it just fine. I usually have no issues decoding SSL but I can't decode this one and tried several captures from the beginning to make sure I get the initial key exchange. And of course the private key is correct because it work when using my IE browsers. Any ideas would be great. Here are some capture excerpts.
App negotiating SSL using TLSv1
4 0.000976 10.151.59.152 10.62.40.33 SSLv2 Client Hello
5 0.003939 10.62.40.33 10.151.59.152 TLSv1 Server Hello, Certificate, Server Key Exchange, Server Hello Done
6 0.009517 10.151.59.152 10.62.40.33 TLSv1 Client Key Exchange
7 0.108893 10.62.40.33
10.151.59.152 TCP https > 4255 [ACK] Seq=970 Ack=133 Win=4512 Len=0
8 0.109370 10.151.59.152 10.62.40.33 TLSv1 Change Cipher Spec, Encrypted Handshake Message
9 0.110123 10.62.40.33 10.151.59.152 TLSv1 Change Cipher Spec, Encrypted Handshake Message
10 0.111321 10.151.59.152 10.62.40.33 TLSv1 Application Data
IE v6 Browser negotiating with SSL v3
o. Time Source Destination Protocol Info
1 0.000000 10.56.252.90 10.62.40.33 TCP 14624 > https [SYN] Seq=0 Win=65535 Len=0 MSS=1380 WS=0 TSV=0 TSER=0
2 0.000059 10.62.40.33 10.56.252.90 TCP https > 14624 [SYN, ACK] Seq=0 Ack=1 Win=4140 Len=0 MSS=1460 WS=0 TSV=3429125276
TSER=0
3 0.000475 10.56.252.90 10.62.40.33 TCP 14624 > https [ACK] Seq=1 Ack=1 Win=65535 Len=0 TSV=7207995 TSER=3429125276
4 0.020255 10.56.252.90 10.62.40.33 SSLv2 Client Hello
5 0.020302 10.62.40.33 10.56.252.90 SSLv3 Server Hello, Certificate, Server Hello Done
6 0.021714 10.56.252.90
10.62.40.33 SSLv3 Client Key Exchange, Change Cipher Spec, Finished
7 0.022390 10.62.40.33 10.56.252.90 SSLv3 Change Cipher Spec, Finished
8 0.113509 10.56.252.90 10.62.40.33 TCP 14624 > https [FIN, ACK] Seq=283 Ack=827
Thank you, |
