This is our old Q&A Site. Please post any new questions and answers at

I am using the pre-master-secret to decrypt SSL web traffic. I can see the reassembled and decrypted packets just fine. It works great! Thanks for this feature, by the way. The negotiated version of TLS is TLSv1 for this session but I sometimes see TLSv1 in the protocol field and sometimes see SSL in the protocol field in the same stream. The TLS that has been decrypted is shown as HTTP but the SSL segments of a reassembled PDU are show as either TLSv1 or SSL -- even though it is all supposed to be TLSv1. How is this protocol field determined? Thanks. Sally

asked 03 Jul '13, 07:39

serrano's gravatar image

accept rate: 0%

Be the first one to answer this question!
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here



Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text]( "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:


question asked: 03 Jul '13, 07:39

question was seen: 1,727 times

last updated: 03 Jul '13, 07:39

p​o​w​e​r​e​d by O​S​Q​A