I am tracing traffic between an iPhone and our Exchange server. When the iPhone syncs, Wireshark shows only the Client Hello. The remainder of the handshake does not show. I know the handshake is successful and that encrypted data is passed because email is synced, and Schannel Event ID 36880 "An SSL server handshake completed successfully" is generated soon after the Client Hello. What am I missing? Thanks.

asked 12 Dec '13, 11:22 sejong
One Answer:
Perhaps partially answering my own question - the behavior I posted was when the iPhone was connected to the Internet via the cellular data network (Verizon, in this case). I retried it with the iPhone connected to the Internet via WiFi - all the expected elements of the handshake appeared in the Wireshark trace.

Update - The previous WiFi connection was internal. A WiFi connection routed via the Internet has the same behavior as over the cellular data network. Typical details:

Frame 1 is from the iPhone to the server, SSL protocol, destination port is 443 (this is the Client Hello)
Frame 2 is from the iPhone to the server, TCP protocol, destination port is 443
Frame 3 is from the server to the iPhone, TCP protocol, source port is 443
Frame 4 is from the iPhone to the server, TCP protocol, destination port is 443

answered 12 Dec '13, 12:46 sejong
edited 13 Dec '13, 16:57