http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2195
Summary: ssl decoding stops after TLSV1 package "Ignored Unknown
Record"
Product: Wireshark
Version: 0.99.7
Platform: PC
OS/Version: All
Status: NEW
Severity: Major
Priority: Medium
Component: Wireshark
AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
ReportedBy: michael.brumme@xxxxxxxxxxx
Build Information:
Version 0.99.7 (SVN Rev 23910)
Copyright 1998-2007 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Compiled with GTK+ 2.12.1, with GLib 2.14.3, with WinPcap (version unknown),
with libz 1.2.3, with libpcre 6.4, with SMI 0.4.5, with ADNS, with Lua 5.1,
with
GnuTLS 1.6.1, with Gcrypt 1.2.3, with MIT Kerberos, with PortAudio PortAudio
V19-devel, with AirPcap.
Running on Windows Server 2003 Service Pack 1, build 3790, with WinPcap version
4.0.2 (packet.dll version 4.0.0.1040), based on libpcap version 0.9.5, without
AirPcap.
Built using Microsoft Visual C++ 6.0 build 8804
Wireshark is Open Source Software released under the GNU General Public
License.
Check the man page and http://www.wireshark.org for more information.
--
I use wireshark to decode secure sip traffic.
Under ssl I used the following settings:
10.21.222.10,5061,sip,d:\ram\ssl\nora\server.pem;10.21.44.24,5061,sip,d:\ram\ssl\nora\server.pem;
Now I have the problem that the wireshark stops decoding the sip protocol out
of the ssl connection as soon as the sip server sends a TLSV1 package "Ignored
Unknown Record". See attached trace line 2477.
The last successful decode package is in line 2475 (even it displays malformed
SSL) and the first package which gets not decode anymore is in line 2481.
--
Configure bugmail: http://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
