Solved

when are the certificates exchanged in a TLS session

Posted on 2016-10-04
1
150 Views
Last Modified: 2016-10-05
HI,
I have the following TLS capture in wireshark , This contains Change cipher spec, server hello, ...
But doesnt contain certificate entry. Also i dont see any certificate in the wireshark capture.
Is it possible that the server didnt sent any certificate ?
How do i find out the entry where server sent the certificate in the wireshark capture ?

Frame 60: 222 bytes on wire (1776 bits), 222 bytes captured (1776 bits) on interface 0
Ethernet II, Src: Procurve_a0:c7:80 (c0:91:34:a0:c7:80), Dst: Apple_f3:ac:2a (24:a0:74:f3:ac:2a)
Internet Protocol Version 4, Src: 52.84.105.126, Dst: 172.16.44.155
Transmission Control Protocol, Src Port: 443, Dst Port: 55760, Seq: 1, Ack: 518, Len: 156
Secure Sockets Layer
    TLSv1.2 Record Layer: Handshake Protocol: Server Hello
        Content Type: Handshake (22)
        Version: TLS 1.2 (0x0303)
        Length: 100
        Handshake Protocol: Server Hello
            Handshake Type: Server Hello (2)
            Length: 96
            Version: TLS 1.2 (0x0303)
            Random
                GMT Unix Time: Dec 19, 1984 05:08:32.000000000 IST
                Random Bytes: 067f9f079aca9da31cdecec70c54428376a38194d9134f2a...
            Session ID Length: 32
            Session ID: 87bfb9dc500ea382098ff6c23756e43c13d25f302d3a311e...
            Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)
            Compression Method: null (0)
            Extensions Length: 24
            Extension: renegotiation_info
                Type: renegotiation_info (0xff01)
                Length: 1
                Renegotiation Info extension
                    Renegotiation info extension length: 0
            Extension: status_request
                Type: status_request (0x0005)
                Length: 0
            Extension: Application Layer Protocol Negotiation
                Type: Application Layer Protocol Negotiation (0x0010)
                Length: 11
                ALPN Extension Length: 9
                ALPN Protocol
                    ALPN string length: 8
                    ALPN Next Protocol: http/1.1
    TLSv1.2 Record Layer: Change Cipher Spec Protocol: Change Cipher Spec
        Content Type: Change Cipher Spec (20)
        Version: TLS 1.2 (0x0303)
        Length: 1
        Change Cipher Spec Message
            [Expert Info (Note/Sequence): This session reuses previously negotiated keys (Session resumption)]
                [This session reuses previously negotiated keys (Session resumption)]
                [Severity level: Note]
                [Group: Sequence]
    TLSv1.2 Record Layer: Handshake Protocol: Encrypted Handshake Message
        Content Type: Handshake (22)
        Version: TLS 1.2 (0x0303)
        Length: 40
        Handshake Protocol: Encrypted Handshake Message

Open in new window


Thanks
0
Comment
Question by:Rohit Bajaj
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 23

Accepted Solution

by:
Dirk Kotte earned 500 total points
ID: 41829270
take a look to this flowchart: https://upload.wikimedia.org/wikipedia/commons/thumb/a/ae/SSL_handshake_with_two_way_authentication_with_certificates.svg/1280px-SSL_handshake_with_two_way_authentication_with_certificates.svg.png

i think you captured the first packet from server to client (the last from phase 1)
this packets don't contain the certificate.
take a look to the next packets. there must be a bigger one.
0

Featured Post

Don't miss ATEN at NAB Show April 24-27!

Visit ATEN at NAB Show to learn how our "Seamlessly Entertaining" solutions deliver fast, precise video streaming without delays for the broadcasting and media environment. ATEN will showcase its 16x16 Modular Matrix Switch (VM1600) and KVM Over IP Solution (KE6900 series).

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
VPN Ports 8 54
Provide internet access from one windows PC to another 16 99
IR 1023 Scanning 4 50
Can't access router with user and pass 10 74
Let’s list some of the technologies that enable smooth teleworking. 
When it comes to security, there are always trade-offs between security and convenience/ease of administration. This article examines some of the main pros and cons of using key authentication vs password authentication for hosting an SFTP server.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
Viewers will learn how to properly install and use Secure Shell (SSH) to work on projects or homework remotely. Download Secure Shell: Follow basic installation instructions: Open Secure Shell and use "Quick Connect" to enter credentials includi…

735 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question