Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

when are the certificates exchanged in a TLS session

Posted on 2016-10-04
1
Medium Priority
?
337 Views
Last Modified: 2016-10-05
HI,
I have the following TLS capture in wireshark , This contains Change cipher spec, server hello, ...
But doesnt contain certificate entry. Also i dont see any certificate in the wireshark capture.
Is it possible that the server didnt sent any certificate ?
How do i find out the entry where server sent the certificate in the wireshark capture ?

Frame 60: 222 bytes on wire (1776 bits), 222 bytes captured (1776 bits) on interface 0
Ethernet II, Src: Procurve_a0:c7:80 (c0:91:34:a0:c7:80), Dst: Apple_f3:ac:2a (24:a0:74:f3:ac:2a)
Internet Protocol Version 4, Src: 52.84.105.126, Dst: 172.16.44.155
Transmission Control Protocol, Src Port: 443, Dst Port: 55760, Seq: 1, Ack: 518, Len: 156
Secure Sockets Layer
    TLSv1.2 Record Layer: Handshake Protocol: Server Hello
        Content Type: Handshake (22)
        Version: TLS 1.2 (0x0303)
        Length: 100
        Handshake Protocol: Server Hello
            Handshake Type: Server Hello (2)
            Length: 96
            Version: TLS 1.2 (0x0303)
            Random
                GMT Unix Time: Dec 19, 1984 05:08:32.000000000 IST
                Random Bytes: 067f9f079aca9da31cdecec70c54428376a38194d9134f2a...
            Session ID Length: 32
            Session ID: 87bfb9dc500ea382098ff6c23756e43c13d25f302d3a311e...
            Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)
            Compression Method: null (0)
            Extensions Length: 24
            Extension: renegotiation_info
                Type: renegotiation_info (0xff01)
                Length: 1
                Renegotiation Info extension
                    Renegotiation info extension length: 0
            Extension: status_request
                Type: status_request (0x0005)
                Length: 0
            Extension: Application Layer Protocol Negotiation
                Type: Application Layer Protocol Negotiation (0x0010)
                Length: 11
                ALPN Extension Length: 9
                ALPN Protocol
                    ALPN string length: 8
                    ALPN Next Protocol: http/1.1
    TLSv1.2 Record Layer: Change Cipher Spec Protocol: Change Cipher Spec
        Content Type: Change Cipher Spec (20)
        Version: TLS 1.2 (0x0303)
        Length: 1
        Change Cipher Spec Message
            [Expert Info (Note/Sequence): This session reuses previously negotiated keys (Session resumption)]
                [This session reuses previously negotiated keys (Session resumption)]
                [Severity level: Note]
                [Group: Sequence]
    TLSv1.2 Record Layer: Handshake Protocol: Encrypted Handshake Message
        Content Type: Handshake (22)
        Version: TLS 1.2 (0x0303)
        Length: 40
        Handshake Protocol: Encrypted Handshake Message

Open in new window


Thanks
0
Comment
Question by:Rohit Bajaj
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 24

Accepted Solution

by:
Dirk Kotte earned 2000 total points
ID: 41829270
take a look to this flowchart: https://upload.wikimedia.org/wikipedia/commons/thumb/a/ae/SSL_handshake_with_two_way_authentication_with_certificates.svg/1280px-SSL_handshake_with_two_way_authentication_with_certificates.svg.png

i think you captured the first packet from server to client (the last from phase 1)
this packets don't contain the certificate.
take a look to the next packets. there must be a bigger one.
0

Featured Post

Connect further...control easier

With the ATEN CE624, you can now enjoy a high-quality visual experience powered by HDBaseT technology and the convenience of a single Cat6 cable to transmit uncompressed video with zero latency and multi-streaming for dual-view applications where remote access is required.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Short answer to this question: there is no effective WiFi manager in iOS devices as seen in Windows WiFi or Macbook OSx WiFi management, but this article will try and provide some amicable solutions to better suite your needs.
This month, Experts Exchange’s free Course of the Month is focused on CompTIA IT Fundamentals.
Viewers will learn how to properly install and use Secure Shell (SSH) to work on projects or homework remotely. Download Secure Shell: Follow basic installation instructions: Open Secure Shell and use "Quick Connect" to enter credentials includi…
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…

661 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question