Wireshark-users: Re: [Wireshark-users] ssl digestor truncates the Server Hello ?

From: Sake Blok <sake@xxxxxxxxxx>
Date: Wed, 19 Dec 2012 18:06:10 +0100

Arnaud,

The SSL dissector is not able to reassemble all of its data as the first TCP segment of the SSL record is received out-of-order. The Certificate message starts in a second SSL record in frame 8 (the first SSL record in that frame contains the ServerHello) and frame 6 is the continuation of that SSL record. There is a bug open to enhance reassembly to include cases where the first segment of a higher protocol PDU (like the SSL record in this case) is received out-of-order. I don't have the bug-id at hand now...

Cheers,
Sake



On 19 dec 2012, at 17:50, Arnaud grandville wrote:

> Hi everyone,
> 
> I'm using Wireshark to analyze an https connection, but I encounter a problem with the ssl digestor.
> In response to the Client Hello (#4), I expected to get a Server Hello response with some additional information like:
> - TLSv1 Record Layer: Handshake Protocol: Server Hello
> - TLSv1 Record Layer: Handshake Protocol: Certificate
> - TLSv1 Record Layer: Handshake Protocol: Server Key Exchange
> - TLSv1 Record Layer: Handshake Protocol: Server Hello Done
> But, as my joined capture shows, the packet #8 contains only "TLSv1 Record Layer: Handshake Protocol: Server Hello" whereas the binary stream contains some additional information (certificates ...)
> 
> Do you have any idea?
> 
> Thanks
> Arnaud
> <Google.pcap>
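
The situation described in the reply above, as an added example that is not part of the original thread and is not Wireshark's code: parsing TLS records segment by segment in arrival order shows only the Server Hello, while ordering the segments by TCP sequence number first recovers every handshake message. The byte stream, sequence numbers and function names are constructed for illustration; the sketch assumes one handshake message per TLS record and ignores sequence-number wraparound.

```python
import struct

HANDSHAKE = 22  # TLS record content type for handshake messages
NAMES = {2: "Server Hello", 11: "Certificate",
         12: "Server Key Exchange", 14: "Server Hello Done"}

def record(msg_type, body, version=0x0301):
    """Build one TLS record holding one handshake message (constructed data)."""
    hs = bytes([msg_type]) + len(body).to_bytes(3, "big") + body
    return struct.pack("!BHH", HANDSHAKE, version, len(hs)) + hs

def handshake_types(stream):
    """List handshake messages in complete TLS records; stop at a partial one."""
    found, off = [], 0
    while off + 5 <= len(stream):
        ctype, _ver, length = struct.unpack_from("!BHH", stream, off)
        if ctype not in range(20, 24):      # not the start of a TLS record
            break
        if off + 5 + length > len(stream):  # record continues in another segment
            break
        if ctype == HANDSHAKE:
            found.append(NAMES.get(stream[off + 5], "unknown"))
        off += 5 + length
    return found

def reassemble(segments, isn):
    """Join (seq, payload) pairs into the contiguous byte stream starting at isn."""
    stream, nxt = b"", isn
    for seq, data in sorted(segments):
        if seq > nxt:                       # gap: an earlier segment is missing
            break
        stream += data[nxt - seq:]          # skip bytes already seen (retransmit)
        nxt = max(nxt, seq + len(data))
    return stream

# Constructed server flight: the Certificate record spans two TCP segments.
SERVER_STREAM = (record(2, b"\xAA" * 70) + record(11, b"\xAA" * 900)
                 + record(12, b"\xAA" * 200) + record(14, b""))
CUT = len(record(2, b"\xAA" * 70)) + 100    # split 100 bytes into the Certificate
ISN = 1000
# Arrival order as in the capture: the continuation comes before the start.
ARRIVAL = [(ISN + CUT, SERVER_STREAM[CUT:]), (ISN, SERVER_STREAM[:CUT])]

def per_segment(segments):
    """Parse each segment alone, in arrival order (the symptom in the thread)."""
    return [handshake_types(data) for _seq, data in segments]

def reordered(segments, isn=ISN):
    """Parse after ordering by sequence number."""
    return handshake_types(reassemble(segments, isn))
```
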