Fragmented TLS records result in missing Certificate handshake messages and "Encrypted Handshake Message"
This issue was migrated from bug 3303 in our old bug tracker.
Original bug information:
Reporter: Michael Breu
Status: RESOLVED FIXED
Product: Wireshark
Component: Dissection engine (libwireshark)
OS: All
Platform: All
Version: 1.3.x (Experimental)
Attachments:
: Screenshot "Frame6, Certificate"
: Screenshot "Frame22, Encrypted Handshake"
: Screenshot "Frame27, Encrypted Handshake"
test.pcapng: Two crafted Server Hello messages, one fragmented, one not fragmented
fragmented-client-hello.pcap.pcapng: fragmented client hello message
reassemble_wireshark.pcap.pcapng: Not decoded Server Certificate
iscwest_cert_issue.pcap: Anoter issue which matches with the Encrypted Handshake Screenshots
tls-handshake-fragments.py: Pcap generator for fragmented handshake records
ssldump-2.cap: Capture file with enclosed ssl-communication (captured on server side)
SVN-28088.cap: SVN-28088.cap
bug3303.cap: bug3303.cap
zito-smtps-ok.pcap: there is certificate request in one TLS record and parsed by Wireshark is ok
zito-smtps-fail.pcap: there is certificate request fragmented into 2 TLS records and is not parsed by Wireshark
See also:
Issue #15043 (closed)
Issue #15537 (closed)
Issue #15625 (closed)