On Apr 3, 2012, at 7:35 AM, bitozoid wrote:
> This is another capture. Still having the same problem.
It might be that the way the SMTP dissector is handling STARTTLS causes it to arrange that, once the first pass is done, *all* packets in that TCP connection are being dissected as SSL/TLS packets, even the ones *before and including* the STARTTLS.
I have a started-long-ago-but-never-finished project to do something to the STARTTLS handling; I'll have to go back to it, but it might've been attempting to solve a problem of that sort.
Do you have a capture that you can send me that shows this problem? (You don't have to send me anything needed to decrypt it to at least let me look at it initially.)
