Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.
Wireshark logo

Wireshark-users: Re: [Wireshark-users] TLS Alert Fatal Messages

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: "Sheahan, John" <John.Sheahan@xxxxxxxxxxxxx>
Date: Wed, 28 Apr 2010 16:20:12 -0400
Those are all great points Sake, thanks.

I'm not sure how to check the certificate in Wireshark?

-----Original Message-----
From: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Sake Blok
Sent: Wednesday, April 28, 2010 3:59 PM
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] TLS Alert Fatal Messages

On 28 apr 2010, at 18:02, Sheahan, John wrote:

> I have just identified some Fatal error messages that occur occasionally between a client and an SSL server.
> The errors that the client throw are:
> 
> Alert(Level: Fatal, Description: Certificate Unknown)
> 
> and
> 
> Alert(Level: Fatal, Description: Internal Error)
> 
> 
> There are many TCP conversations going on constantly between this host and destination server but it's only once every few days that the host will suddenly throw these couple of errors and then things continue as usual for another few days.
> 
> Can anyone give me any ideas as to what might be happening here?

First of all, the RFC for TLS (http://www.ietf.org/rfc/rfc2246.txt) is your friend:

For the certificate unknown error:

certificate_unknown
       Some other (unspecified) issue arose in processing the
       certificate, rendering it unacceptable.

some implementations also give this error if the received certificate was signed by a CA that was not in the list of trusted CA's. Did you check whether the certificate that was sent by the server when the error ocuurs is the same certificate that is being sent when there are no errors? If not, then that might be a problem. If it is, the client is acting strangely.


For the internal error:

internal_error
       An internal error unrelated to the peer or the correctness of the
       protocol makes it impossible to continue (such as a memory
       allocation failure). This message is always fatal.

looks like the client has some issues locally.

If you see the errors in the same time-frame, I would suspect some resource problems on the client when it happens. But that's just a hunch :-)

Cheers,

Sake

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube