
Ethereal-users: Re: [Ethereal-users] Re : SSL Encrypted Alert Message

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Scott Renfro <scott@xxxxxxxxxx>
Date: Mon, 8 Oct 2001 22:15:03 -0700
On Fri, Oct 05, 2001 at 09:54:00AM +0800, Tony Teo wrote:
> 
> Can anyone explain to me what "Alert Message : Encrypted Alert"
> means?  I look at the timestamp and discover that whenever this alert
> message occurs there is always a delay of a couple of seconds.

The SSL/TLS alert protocol allows a sender to transmit a notice to the
other endpoint.  The alert protocol is layered on top of the record
protocol, so when an alert is transmitted after a successful handshake,
it will be encrypted with the current cipher spec. There are many types
of alerts, but the most common alert is a close_notify, where the sender
initiates the end of a connection.

Since the alert is encrypted in this case, the only way to determine
which alert is being sent is to infer it from the context (e.g., you
know a bad certificate is being sent by the recipient) or to use ssldump
if you have the server's private key.

cheers,
--Scott

-- 
Scott Renfro <scott@xxxxxxxxxx>
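
The distinction described in the reply above, as an added example that is not part of the original post or of Ethereal's code: a walk over the records sent in one direction that decodes an alert while it is still plaintext and labels it "Encrypted Alert" once a ChangeCipherSpec has been seen. It assumes SSL 3.0 / TLS 1.0-1.2 record framing; the function name and the sample bytes are constructed for illustration.

```python
import struct

CHANGE_CIPHER_SPEC, ALERT = 20, 21          # record-layer content types
LEVELS = {1: "warning", 2: "fatal"}
DESCRIPTIONS = {0: "close_notify", 10: "unexpected_message",
                20: "bad_record_mac", 40: "handshake_failure",
                42: "bad_certificate"}

def classify_alerts(stream):
    """Label every alert record in the bytes sent by ONE endpoint."""
    labels, offset, encrypted = [], 0, False
    while offset + 5 <= len(stream):
        # Record header: content type (1), protocol version (2), length (2).
        ctype, _version, length = struct.unpack_from("!BHH", stream, offset)
        fragment = stream[offset + 5:offset + 5 + length]
        if len(fragment) < length:
            break                            # truncated capture, stop here
        offset += 5 + length
        if ctype == CHANGE_CIPHER_SPEC:
            encrypted = True                 # later records use the new cipher spec
        elif ctype == ALERT:
            if encrypted or length != 2:
                # Level and description are ciphertext; only the size is visible.
                labels.append("Encrypted Alert (%d bytes)" % length)
            else:
                level, desc = fragment
                labels.append("%s: %s" % (LEVELS.get(level, level),
                                          DESCRIPTIONS.get(desc, desc)))
    return labels

# Constructed sample records (not captured traffic).
PLAINTEXT_ALERT = bytes.fromhex("1503010002022a")      # fatal / bad_certificate
CCS_RECORD = bytes.fromhex("140301000101")
ENCRYPTED_ALERT = bytes.fromhex("1503010016") + bytes(22)  # filler as ciphertext

if __name__ == "__main__":
    print(classify_alerts(PLAINTEXT_ALERT))               # during the handshake
    print(classify_alerts(CCS_RECORD + ENCRYPTED_ALERT))  # after the handshake
```
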