I'm trying to debug LDAP SSL communication and am experiencing a problem with SSL decryption. I start capturing before any handshake, so I'm able to see the whole SSL handshake. But after that, an application establishes another session, which is a short version with ClientHello->ServerHello, ChangeCipherSpec, Finished. And after that handshake I'm unable to decode client packets, while server packets are still readable.
Could you advise me on a way to resolve that issue so that I could decode all the packets after the second handshake?
asked 24 Sep '13, 06:16
Does the second SSL handshake use a "TLS session ticket" that was sent in the first SSL handshake? Wireshark does not (yet) support session tickets for decryption. You could disable session tickets and use SSL session IDs instead.
If that's not the case, are you able to post both SSL handshakes to www.cloudshark.org?
answered 30 Sep '13, 13:38
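To check which resumption mechanism the second, abbreviated handshake uses, the ClientHello can be inspected for a non-empty SessionTicket extension (type 35, RFC 5077) versus a non-empty session ID. The following is an added example, not part of the original answer; the function names are hypothetical and the ClientHello bytes are constructed sample data rather than taken from a capture.

```python
import struct

SESSION_TICKET_EXT = 35  # SessionTicket TLS extension type (RFC 5077)


def build_client_hello(session_id=b"", ticket=None):
    """Build a minimal TLS ClientHello record (constructed sample data)."""
    exts = b""
    if ticket is not None:
        exts = struct.pack("!HH", SESSION_TICKET_EXT, len(ticket)) + ticket
    body = (b"\x03\x03" + bytes(32)                  # client_version, random
            + bytes([len(session_id)]) + session_id  # session_id vector
            + b"\x00\x02\x00\x2f"                    # one cipher suite
            + b"\x01\x00"                            # null compression only
            + struct.pack("!H", len(exts)) + exts)   # extensions vector
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def resumption_mode(record):
    """Classify how a ClientHello record asks to resume a session."""
    if len(record) < 44 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a ClientHello record")
    pos = 5 + 4 + 2 + 32          # record hdr, handshake hdr, version, random
    sid_len = record[pos]
    pos += 1 + sid_len
    (suites_len,) = struct.unpack_from("!H", record, pos)
    pos += 2 + suites_len
    pos += 1 + record[pos]        # skip compression methods
    ticket_len = 0
    if pos + 2 <= len(record):    # the extensions block is optional
        (ext_total,) = struct.unpack_from("!H", record, pos)
        pos += 2
        end = min(pos + ext_total, len(record))
        while pos + 4 <= end:
            ext_type, ext_len = struct.unpack_from("!HH", record, pos)
            if ext_type == SESSION_TICKET_EXT:
                ticket_len = ext_len
            pos += 4 + ext_len
    if ticket_len:                # a ticket is presented for resumption
        return "session-ticket"
    if sid_len:                   # resumption via the server-side session cache
        return "session-id"
    return "full-handshake"       # an empty ticket only advertises support
```

A client that resumes with a ticket may also send a non-empty session ID, so the ticket check takes precedence over the session ID check.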