when are the certificates exchanged in a TLS session

HI,
I have the following TLS capture in wireshark , This contains Change cipher spec, server hello, ...
But doesnt contain certificate entry. Also i dont see any certificate in the wireshark capture.
Is it possible that the server didnt sent any certificate ?
How do i find out the entry where server sent the certificate in the wireshark capture ?

Frame 60: 222 bytes on wire (1776 bits), 222 bytes captured (1776 bits) on interface 0
Ethernet II, Src: Procurve_a0:c7:80 (c0:91:34:a0:c7:80), Dst: Apple_f3:ac:2a (24:a0:74:f3:ac:2a)
Internet Protocol Version 4, Src: 52.84.105.126, Dst: 172.16.44.155
Transmission Control Protocol, Src Port: 443, Dst Port: 55760, Seq: 1, Ack: 518, Len: 156
Secure Sockets Layer
    TLSv1.2 Record Layer: Handshake Protocol: Server Hello
        Content Type: Handshake (22)
        Version: TLS 1.2 (0x0303)
        Length: 100
        Handshake Protocol: Server Hello
            Handshake Type: Server Hello (2)
            Length: 96
            Version: TLS 1.2 (0x0303)
            Random
                GMT Unix Time: Dec 19, 1984 05:08:32.000000000 IST
                Random Bytes: 067f9f079aca9da31cdecec70c54428376a38194d9134f2a...
            Session ID Length: 32
            Session ID: 87bfb9dc500ea382098ff6c23756e43c13d25f302d3a311e...
            Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)
            Compression Method: null (0)
            Extensions Length: 24
            Extension: renegotiation_info
                Type: renegotiation_info (0xff01)
                Length: 1
                Renegotiation Info extension
                    Renegotiation info extension length: 0
            Extension: status_request
                Type: status_request (0x0005)
                Length: 0
            Extension: Application Layer Protocol Negotiation
                Type: Application Layer Protocol Negotiation (0x0010)
                Length: 11
                ALPN Extension Length: 9
                ALPN Protocol
                    ALPN string length: 8
                    ALPN Next Protocol: http/1.1
    TLSv1.2 Record Layer: Change Cipher Spec Protocol: Change Cipher Spec
        Content Type: Change Cipher Spec (20)
        Version: TLS 1.2 (0x0303)
        Length: 1
        Change Cipher Spec Message
            [Expert Info (Note/Sequence): This session reuses previously negotiated keys (Session resumption)]
                [This session reuses previously negotiated keys (Session resumption)]
                [Severity level: Note]
                [Group: Sequence]
    TLSv1.2 Record Layer: Handshake Protocol: Encrypted Handshake Message
        Content Type: Handshake (22)
        Version: TLS 1.2 (0x0303)
        Length: 40
        Handshake Protocol: Encrypted Handshake Message

Open in new window


Thanks
Rohit BajajAsked:
Who is Participating?
 
Dirk KotteConnect With a Mentor SECommented:
take a look to this flowchart: https://upload.wikimedia.org/wikipedia/commons/thumb/a/ae/SSL_handshake_with_two_way_authentication_with_certificates.svg/1280px-SSL_handshake_with_two_way_authentication_with_certificates.svg.png

i think you captured the first packet from server to client (the last from phase 1)
this packets don't contain the certificate.
take a look to the next packets. there must be a bigger one.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.