This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

ssl decode - client cert used?

0

Hi. Today I was asked to verify that a particular SSL transaction did NOT include the sending of a Client Cert. So I captured packets on the client and fed them into Wireshark. The SSL decode showed Client Hello, Server Hello, Certificate (from the server), Server Hello Done, Client Key Exchange, Change Cipher Spec, Encrypted Handshake Message and Application Data. It did NOT show a Certificate sent by the Client (nor any dropped packets).

Am I correct in concluding that if a Client Cert was sent, Wireshark would have decoded it and displayed it as such?

Thx!

asked 05 Jan '11, 18:27


feenyman99


One Answer:

1

Yes, the server needs to ask for a client certificate with a "CertificateRequest" and then the client will have to answer with a "Certificate" message on its own.

But beware, this "Certificate" message from the client can also contain 0 certificates, which means the client does not have a certificate. When this happens, the server will reject the connection if it is configured to "Require" a certificate and accept the connection when the client certificate was "Optional".

answered 05 Jan '11, 22:22


SYN-bit ♦♦

Perfect! That makes sense, and I can now confidently assert that a Client Cert was neither requested nor sent.

thx!

(06 Jan '11, 07:43) feenyman99
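
The check discussed in this thread, as an added example (not from the original posts and not Wireshark's own code): it walks the cleartext handshake messages of each direction and reports whether the server sent a CertificateRequest and how many certificates the client's Certificate message carried, including the empty case. It assumes the initial handshake of TLS 1.2 or earlier, where these messages precede ChangeCipherSpec; the function names and the sample byte strings are constructed for illustration.

```python
import struct
CERTIFICATE, CERTIFICATE_REQUEST = 11, 13    # TLS handshake message types

def handshake_messages(stream):
    """Yield (type, body) for cleartext handshake messages in one direction's TLS records."""
    pos, buf = 0, b""
    while pos + 5 <= len(stream):
        ctype, _version, length = struct.unpack_from("!BHH", stream, pos)
        if ctype == 20:              # ChangeCipherSpec: later records are encrypted
            break
        if ctype == 22:              # handshake record; messages may span records
            buf += stream[pos + 5:pos + 5 + length]
        pos += 5 + length
    off = 0
    while off + 4 <= len(buf):
        mlen = int.from_bytes(buf[off + 1:off + 4], "big")
        yield buf[off], buf[off + 4:off + 4 + mlen]
        off += 4 + mlen

def count_certs(body):
    """Count entries in a Certificate body: 3-byte list length, then 3-byte-length-prefixed certs."""
    end, off, n = 3 + int.from_bytes(body[:3], "big"), 3, 0
    while off + 3 <= min(end, len(body)):
        off += 3 + int.from_bytes(body[off:off + 3], "big")
        n += 1
    return n

def client_cert_status(client_stream, server_stream):
    """Return (requested, sent); sent is None if the client sent no Certificate message."""
    requested = any(t == CERTIFICATE_REQUEST for t, _ in handshake_messages(server_stream))
    sent = None
    for t, body in handshake_messages(client_stream):
        if t == CERTIFICATE:         # type 11 is also the server's Certificate: direction matters
            sent = count_certs(body)
    return requested, sent

# Constructed sample data: message bodies are dummy bytes, not a real capture.
def hs(mtype, body=b"\x00"):
    return bytes([mtype]) + len(body).to_bytes(3, "big") + body
def rec(ctype, payload):
    return struct.pack("!BHH", ctype, 0x0301, len(payload)) + payload
def cert_msg(*ders):
    certs = b"".join(len(d).to_bytes(3, "big") + d for d in ders)
    return hs(CERTIFICATE, len(certs).to_bytes(3, "big") + certs)
TAIL = rec(20, b"\x01") + rec(22, b"\xaa" * 40)   # ChangeCipherSpec + encrypted handshake
SERVER_NO_REQ = rec(22, hs(2) + cert_msg(b"dummy") + hs(14))      # as in the question
SERVER_REQ = rec(22, hs(2) + cert_msg(b"dummy") + hs(13) + hs(14))
CLIENT_NONE = rec(22, hs(1)) + rec(22, hs(16)) + TAIL             # as in the question
CLIENT_EMPTY = rec(22, hs(1)) + rec(22, cert_msg() + hs(16)) + TAIL
CLIENT_ONE = rec(22, hs(1)) + rec(22, cert_msg(b"dummy") + hs(16)) + TAIL
```

`client_cert_status(CLIENT_NONE, SERVER_NO_REQ)` returns `(False, None)`, matching the capture in the question; the empty-list case from the answer returns `(True, 0)`.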