| Bug ID |
8075
|
| Summary |
The SSL dissector stops decrypting the SSL conversation with Malformed Packet:SSL error messages
|
| Classification |
Unclassified
|
| Product |
Wireshark
|
| Version |
1.8.3
|
| Hardware |
x86
|
| OS |
Windows 7
|
| Status |
UNCONFIRMED
|
| Severity |
Major
|
| Priority |
Low
|
| Component |
Dissection engine (libwireshark)
|
| Assignee |
[email protected]
|
| Reporter |
[email protected]
|
Build Information:
--
When using the following methods to capture TCP sessions we're only able to
decrypt parts of the SSL conversation. We've used Wireshark, TShark and dumpcap
to capture. I've ensured that there is '0' dropped packets. This is for HTTPS
conversations between a mobile client and webserver (ZXTM). The client
(browser) is not experiencing any problems but I'm only able to decrypt parts
of the conversation in Wireshark. At some point during the conversation I start
to get Malformed Packet: SSL errors from the server to the client. As this
point I'm unable to decrypt the rest of the conversation at all.
We took the pcap's off an inline TAP. To eliminate the TAP as the problem, we
decided to capture directly off the webserver (Red Hat Linux). When we reviewed
the files we could see exactly the same behavior on the webserver capture,
eliminating the network switching layer? The webserver is using hardware
checksum and TCP segment offloading.
We've worked extensively with Jasper who suggested we should open a bug report.
I have plenty of pcap examples if someone wants to take a look at it.
Thx!
Jaco
You are receiving this mail because:
- You are watching all bug changes.
