The hex data shown below is a TLSv1 packet taken from a Wireshark trace. It shows an Encrypted Alert message according to Wireshark. The only problem is I cannot work out just what the alert really is - according to my research on the web the alert code level and description bytes contain the values 53 and AD - however these do not correspond to any values I can find. I believe the level code can be 1 or 2 and the description can be one of about 30 codes but decimal 173 is not one of these. Could anyone be good enough to enlighten me as to where I am going wrong in my analysis of the message and, ideally, tell me what the alert code really is? Many thanks.
asked 24 Jun '12, 11:17  Bernard46 edited 24 Jun '12, 11:19 |
One Answer:
I may have found the answer to my own question! Searching round the web a bit more I came across a post elsewhere which suggested that the actual codes are encrypted, hence the "Encrypted" Alert! I would be grateful if anyone can confirm this - it would explain why I seem to be seeing a lot of different alert codes with no consistency and none of them appear in the TLS specifications! It may be that I have to try and find the developers and ask them if they would mind debugging this area in order to find out what is going on! answered 24 Jun '12, 15:37 Bernard46 |
