Wireshark · Wireshark-bugs: [Wireshark-bugs] [Bug 12132] New: Client Hello not dissected when failed SSL handshake fully capture

Wireshark-bugs: [Wireshark-bugs] [Bug 12132] New: Client Hello not dissected when failed SSL han

Date: Wed, 17 Feb 2016 16:35:22 +0000

Bug ID	12132
Summary	Client Hello not dissected when failed SSL handshake fully captured
Product	Wireshark
Version	2.0.1
Hardware	x86-64
OS	Windows 10
Status	UNCONFIRMED
Severity	Minor
Priority	Low
Component	Dissection engine (libwireshark)
Assignee	bugzilla-admin@wireshark.org
Reporter	p.smolenaars@gmail.com

Created attachment 14335 [details]
Zipped files

Build Information:
Version 2.0.1 (v2.0.1-0-g59ea380 from master-2.0)

Copyright 1998-2015 Gerald Combs <gerald@wireshark.org> and contributors.
License GPLv2+: GNU GPL version 2 or later
<http://www.gnu.org/licenses/old-licenses/gpl-2.0.html>
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with Qt 5.3.2, with WinPcap (4_1_3), with libz 1.2.8, with
GLib 2.42.0, with SMI 0.4.8, with c-ares 1.9.1, with Lua 5.2, with GnuTLS
3.2.15, with Gcrypt 1.6.2, with MIT Kerberos, with GeoIP, with QtMultimedia,
with AirPcap.

Running on 64-bit Windows 10, build 10586, with locale C, with WinPcap version
4.1.3 (packet.dll version 4.1.0.2980), based on libpcap version 1.0 branch
1_0_rel0b (20091008), with GnuTLS 3.2.15, with Gcrypt 1.6.2, without AirPcap.
Intel(R) Core(TM) i5-4300U CPU @ 1.90GHz (with SSE4.2), with 8097MB of physical
memory.


Built using Microsoft Visual C++ 12.0 build 31101
--

When opening a capture file with a failed SSL handshake, wireshark does not
mark the packet as SSL or show the Client Hello information.

When cutting the capture file short (so not including the failing part) the SSL
information is displayed successfully.

I have included 2 capture files to show the problem.

session.full_anon.pcap: packet 4 should be the Client Hello, but it doesn't
dissect it properly.

session.part_anon.pcap: packet 4 show correctly.


I've tried to anonymize the files as much as possible. Please treat them as
confidential.

Reference:
https://ask.wireshark.org/questions/50212/ssl-dissector-not-displaying-client-hello

You are receiving this mail because:

You are watching all bug changes.

Follow-Ups:
- [Wireshark-bugs] [Bug 12132] Client Hello not dissected when failed SSL handshake fully captured
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 12132] Client Hello not dissected when failed SSL handshake fully captured
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 12132] Client Hello not dissected when failed SSL handshake fully captured
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 12132] Client Hello not dissected when failed SSL handshake fully captured
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 12132] Client Hello not dissected when failed SSL handshake fully captured
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 12132] Client Hello not dissected when failed SSL handshake fully captured
  - From: bugzilla-daemon

Prev by Date: [Wireshark-bugs] [Bug 12131] Feature request: main window rearrangement.
Next by Date: [Wireshark-bugs] [Bug 12132] Client Hello not dissected when failed SSL handshake fully captured
Previous by thread: [Wireshark-bugs] [Bug 12131] Feature request: main window rearrangement.
Next by thread: [Wireshark-bugs] [Bug 12132] Client Hello not dissected when failed SSL handshake fully captured
Index(es):
- Date
- Thread