Solved

when are the certificates exchanged in a TLS session

Posted on 2016-10-04
1
107 Views
Last Modified: 2016-10-05
HI,
I have the following TLS capture in wireshark , This contains Change cipher spec, server hello, ...
But doesnt contain certificate entry. Also i dont see any certificate in the wireshark capture.
Is it possible that the server didnt sent any certificate ?
How do i find out the entry where server sent the certificate in the wireshark capture ?

Frame 60: 222 bytes on wire (1776 bits), 222 bytes captured (1776 bits) on interface 0
Ethernet II, Src: Procurve_a0:c7:80 (c0:91:34:a0:c7:80), Dst: Apple_f3:ac:2a (24:a0:74:f3:ac:2a)
Internet Protocol Version 4, Src: 52.84.105.126, Dst: 172.16.44.155
Transmission Control Protocol, Src Port: 443, Dst Port: 55760, Seq: 1, Ack: 518, Len: 156
Secure Sockets Layer
    TLSv1.2 Record Layer: Handshake Protocol: Server Hello
        Content Type: Handshake (22)
        Version: TLS 1.2 (0x0303)
        Length: 100
        Handshake Protocol: Server Hello
            Handshake Type: Server Hello (2)
            Length: 96
            Version: TLS 1.2 (0x0303)
            Random
                GMT Unix Time: Dec 19, 1984 05:08:32.000000000 IST
                Random Bytes: 067f9f079aca9da31cdecec70c54428376a38194d9134f2a...
            Session ID Length: 32
            Session ID: 87bfb9dc500ea382098ff6c23756e43c13d25f302d3a311e...
            Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)
            Compression Method: null (0)
            Extensions Length: 24
            Extension: renegotiation_info
                Type: renegotiation_info (0xff01)
                Length: 1
                Renegotiation Info extension
                    Renegotiation info extension length: 0
            Extension: status_request
                Type: status_request (0x0005)
                Length: 0
            Extension: Application Layer Protocol Negotiation
                Type: Application Layer Protocol Negotiation (0x0010)
                Length: 11
                ALPN Extension Length: 9
                ALPN Protocol
                    ALPN string length: 8
                    ALPN Next Protocol: http/1.1
    TLSv1.2 Record Layer: Change Cipher Spec Protocol: Change Cipher Spec
        Content Type: Change Cipher Spec (20)
        Version: TLS 1.2 (0x0303)
        Length: 1
        Change Cipher Spec Message
            [Expert Info (Note/Sequence): This session reuses previously negotiated keys (Session resumption)]
                [This session reuses previously negotiated keys (Session resumption)]
                [Severity level: Note]
                [Group: Sequence]
    TLSv1.2 Record Layer: Handshake Protocol: Encrypted Handshake Message
        Content Type: Handshake (22)
        Version: TLS 1.2 (0x0303)
        Length: 40
        Handshake Protocol: Encrypted Handshake Message

Open in new window


Thanks
0
Comment
Question by:Rohit Bajaj
1 Comment
 
LVL 23

Accepted Solution

by:
Dirk Kotte earned 500 total points
ID: 41829270
take a look to this flowchart: https://upload.wikimedia.org/wikipedia/commons/thumb/a/ae/SSL_handshake_with_two_way_authentication_with_certificates.svg/1280px-SSL_handshake_with_two_way_authentication_with_certificates.svg.png

i think you captured the first packet from server to client (the last from phase 1)
this packets don't contain the certificate.
take a look to the next packets. there must be a bigger one.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
DHCP Server 14 86
Viber-Only Restriction 6 44
FTP cerebrus ok over 21 non ssl, but fails to retrieve directory over port 990 SSL/TLS 5 28
Port group in esxi 6 78
Don’t let your business fall victim to the coming apocalypse – use our Survival Guide for the Fax Apocalypse to identify the risks and signs of zombie fax activities at your business.
Most of the applications these days are on Cloud. Cloud is ubiquitous with many service providers in the market. Since it has many benefits such as cost reduction, software updates, remote access, disaster recovery and much more.
Viewers will learn how to properly install and use Secure Shell (SSH) to work on projects or homework remotely. Download Secure Shell: Follow basic installation instructions: Open Secure Shell and use "Quick Connect" to enter credentials includi…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

778 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question