Wireshark-bugs: [Wireshark-bugs] [Bug 10242] New: Wireshark does not properly dissect Certificat
Date: Mon, 30 Jun 2014 14:13:51 +0000
Bug ID: 10242
Summary: Wireshark does not properly dissect Certificate and ServerHelloDone TLS 1.0 Record Types
Classification: Unclassified
Product: Wireshark
Version: 1.10.7
Hardware: x86-64
OS: Windows 7
Status: UNCONFIRMED
Severity: Major
Priority: Low
Component: Dissection engine (libwireshark)
Assignee: bugzilla-admin@wireshark.org
Reporter: joel.gerber@corp.eastlink.ca

Created attachment 12861
SSL with Google.ca

Build Information:
Version 1.10.7 (v1.10.7-0-g6b931a1 from master-1.10)

Copyright 1998-2014 Gerald Combs <gerald@wireshark.org> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with GTK+ 2.24.14, with Cairo 1.10.2, with Pango 1.30.1, with
GLib 2.34.1, with WinPcap (4_1_3), with libz 1.2.5, without POSIX capabilities,
without libnl, with SMI 0.4.8, with c-ares 1.9.1, with Lua 5.1, without Python,
with GnuTLS 2.12.18, with Gcrypt 1.4.6, without Kerberos, with GeoIP, with
PortAudio V19-devel (built Apr 22 2014), with AirPcap.

Running on 64-bit Windows 7 Service Pack 1, build 7601, with WinPcap version
4.1.3 (packet.dll version 4.1.0.2980), based on libpcap version 1.0 branch
1_0_rel0b (20091008), GnuTLS 2.12.18, Gcrypt 1.4.6, without AirPcap.
       Intel(R) Core(TM) i5-3320M CPU @ 2.60GHz, with 3978MB of physical
memory.


Built using Microsoft Visual C++ 10.0 build 40219

Wireshark is Open Source Software released under the GNU General Public
License.

Check the man page and http://www.wireshark.org for more information.
--
When I grab a packet capture for a client/server SSL negotiation, I am able to
see the entire SSL handshake process except for the Certificate and
ServerHelloDone messages. When I look at the Packet Bytes for the ServerHello
packet, I do see the record types in the data payload, specifically the
combination of hexadecimal bytes 0x16 0x03 0x01, but Wireshark is not
dissecting it in the display.

I'm attaching an example capture for google.ca. I've replicated this on other
sites as well.
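
For readers who want to check the bytes by hand, the following is an added example (not part of the original report and not Wireshark code). It walks TLS record headers such as `0x16 0x03 0x01` in the server-to-client payload and lists the plaintext handshake messages it finds, also reporting when a record runs past the bytes available. The helper names and the sample bytes are constructed for illustration and are not taken from the attached capture.

```python
import struct

HANDSHAKE = 0x16  # TLS record content type "handshake"
HS_NAMES = {1: "ClientHello", 2: "ServerHello", 11: "Certificate",
            12: "ServerKeyExchange", 14: "ServerHelloDone"}

def walk_tls_stream(stream: bytes):
    """Walk TLS records in one direction of a TCP stream (segments joined in order).

    Returns (handshake message names, bytes of the last record not yet captured).
    Only meaningful for the plaintext part of the handshake.
    """
    hs_buf, off, missing = bytearray(), 0, 0
    while off + 5 <= len(stream):
        ctype, major, _minor, length = struct.unpack_from("!BBBH", stream, off)
        if major != 3 or length > 2**14 + 2048:
            raise ValueError(f"no TLS record header at offset {off}")
        body = stream[off + 5:off + 5 + length]
        if len(body) < length:          # record continues in a later TCP segment
            missing = length - len(body)
            break
        if ctype == HANDSHAKE:          # handshake messages may span records
            hs_buf += body
        off += 5 + length
    names, pos = [], 0
    while pos + 4 <= len(hs_buf):
        hs_len = int.from_bytes(hs_buf[pos + 1:pos + 4], "big")
        if pos + 4 + hs_len > len(hs_buf):
            break                       # message body incomplete
        names.append(HS_NAMES.get(hs_buf[pos], f"type {hs_buf[pos]}"))
        pos += 4 + hs_len
    return names, missing

# Constructed sample input (not taken from the attached capture).
def make_hs(msg_type: int, body: bytes) -> bytes:
    return bytes([msg_type]) + len(body).to_bytes(3, "big") + body

def make_record(payload: bytes) -> bytes:
    return b"\x16\x03\x01" + struct.pack("!H", len(payload)) + payload

SAMPLE = (make_record(make_hs(2, bytes(70))) + make_record(make_hs(11, bytes(300)))
          + make_record(make_hs(14, b"")))

if __name__ == "__main__":
    print(walk_tls_stream(SAMPLE))        # complete server flight
    print(walk_tls_stream(SAMPLE[:100]))  # capture cut inside the Certificate record
```

A non-zero second value means the record that follows the last complete one extends beyond the supplied bytes, so the payload of the next TCP segment has to be appended before that message can be read.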

