On Monday 19 October 2015 10:19:09 Albe Laurenz via RT wrote: > 7 0.189902000 10.155.6.40 10.153.93.229 TLSv1 259 > Client Hello > 8 0.192699000 10.153.93.229 10.155.6.40 TLSv1 1485 > Server Hello, Certificate, Server Key Exchange, Server Hello Done
so we know that 10.155.6.40 is the client while 10.153.93.229 is the server > 38 0.237265000 10.153.93.229 10.155.6.40 TLSv1 91 > Encrypted Handshake Message Server is sending Hello Request > 39 0.237265000 10.153.93.229 10.155.6.40 TLSv1 > 1008 Application Data, Application Data Server is continuing sending the data > 41 0.241914000 10.155.6.40 10.153.93.229 TLSv1 > 331 Encrypted Handshake Message Client is sending Client Hello > 42 0.244284000 10.153.93.229 10.155.6.40 TLSv1 > 1514 Encrypted Handshake Message, Encrypted Handshake Message > 43 0.244285000 10.153.93.229 10.155.6.40 TLSv1 > 150 Encrypted Handshake Message Server replies with Server Hello, Certificate and Server Hello Done > 45 0.248419000 10.155.6.40 10.153.93.229 TLSv1 91 > Application Data > 46 0.248492000 10.155.6.40 10.153.93.229 TLSv1 > 155 Application Data Client continues sending data > 48 0.253568000 10.155.6.40 10.153.93.229 TLSv1 > 155 Encrypted Handshake Message Client replies to Server Hello Done with Client Key Exchange... > 49 0.257257000 10.155.6.40 10.153.93.229 TLSv1 91 > Change Cipher Spec > 50 0.257494000 10.155.6.40 10.153.93.229 TLSv1 > 107 Encrypted Handshake Message ...Change Cipher Spec and Finished > 52 0.257939000 10.153.93.229 10.155.6.40 TLSv1 > 144 Change Cipher Spec, Encrypted Handshake Message server replies with Change Cipher Spec and Finished > 53 0.258048000 10.153.93.229 10.155.6.40 TLSv1 > 1514 Application Data > 59 0.258282000 10.153.93.229 10.155.6.40 TLSv1 > 1020 Application Data server replies with data to client > Ist that good enough? Can you infer from context which "Encrypted > Handshake Message" is what? yes, thank you, if that exchange is typical, then it's enough to allow application data between Client Hello and Certificate/Client Key Exchange to at least "patch up" this issue -- Regards, Hubert Kario Quality Engineer, QE BaseOS Security team Web: www.cz.redhat.com Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic
signature.asc
Description: PGP signature
_______________________________________________ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev