This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Is this expected HTTPS behavior?

0

Hello,

I'm getting a timeout/"web page unavailable" on a network device I should be able to log in to via HTTPS. That port is open and I can telnet to 443, so I did a trace. I've attached a trace file. I am the .160 address and the network device is the .115 address (I've anonymized the trace). I really don't understand why the FIN is coming from my machine at packet 6...

Here is the trace file: https://drive.google.com/file/d/0B8-kDu5JM-P2NmxPWDltX3Y5dkk/view?usp=sharing

Thanks in advance for any help.

asked 05 Dec '14, 15:36

patrick_harrold
36558
accept rate: 0%


2 Answers:

1

As @mrEEde said, unless you create another capture containing all the traffic (did you sanitise the first in some way by chopping bytes?) it's hard to tell what's going on.

My guess is that the server doesn't properly handle something in the client hello, e.g. SSL protocol level or cipher choice, and instead of returning a sensible response, or closing the connection itself, it just isn't responding, leading the client to time out and close the connection.

Try making the client use a different SSL level, e.g. drop down if currently using TLS 1.2, or move up if using SSL 3.0.

answered 07 Dec '14, 05:59

grahamb ♦
19.8k330206
accept rate: 22%

Apologies for the late reply. Thank you both for the help.

(29 Dec '14, 14:27) patrick_harrold

0

You did not trace the full packets, so it's hard to comment based on IP/TCP headers only. If the client's 211 bytes is a ClientHello then the server should respond with a ServerHello, which it doesn't. If this is not a ClientHello then the server is right in not responding...

Regards Matthias

answered 07 Dec '14, 02:32

mrEEde
3.9k152270
accept rate: 20%
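
Both answers hinge on whether the client's first payload is a ClientHello and which protocol level and ciphers it offers. The following is an added example, not code from either answerer: a small parser that answers that from the raw TCP payload of a full (untruncated) capture. The function names and the sample bytes are constructed for illustration.

```python
import struct

VERSIONS = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2"}

def parse_client_hello(payload: bytes):
    """Summarise a TLS ClientHello at the start of a TCP payload, or return None."""
    if len(payload) < 5:
        return None
    ctype, rec_ver, rec_len = struct.unpack("!BHH", payload[:5])
    # Content type 22 = handshake; major version byte is 3 for SSL 3.0 through TLS 1.2
    if ctype != 22 or rec_ver >> 8 != 3:
        return None
    body = payload[5:5 + rec_len]
    if len(body) < 6 or body[0] != 1:            # handshake type 1 = ClientHello
        return None
    hello = body[4:4 + int.from_bytes(body[1:4], "big")]
    client_ver = struct.unpack("!H", hello[:2])[0]
    info = {
        "record_version": VERSIONS.get(rec_ver, hex(rec_ver)),
        "client_version": VERSIONS.get(client_ver, hex(client_ver)),
        "cipher_suites": [],
        "truncated": len(body) < rec_len,        # capture cut the record short
    }
    try:
        pos = 2 + 32                             # skip client_version + 32-byte random
        pos += 1 + hello[pos]                    # skip session_id (1-byte length prefix)
        cs_len = struct.unpack("!H", hello[pos:pos + 2])[0]
        raw = hello[pos + 2:pos + 2 + cs_len]
        if len(raw) == cs_len and cs_len % 2 == 0:
            info["cipher_suites"] = [int.from_bytes(raw[i:i + 2], "big")
                                     for i in range(0, cs_len, 2)]
    except (IndexError, struct.error):
        pass                                     # sliced payload: keep what was readable
    return info

def build_sample(version=0x0303, suites=(0xC02F, 0x009C, 0x002F)):
    """Constructed ClientHello (zeroed random, no extensions) used as test input."""
    cs = b"".join(struct.pack("!H", s) for s in suites)
    hello = (struct.pack("!H", version) + bytes(32) + b"\x00"
             + struct.pack("!H", len(cs)) + cs + b"\x01\x00")
    hs = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return struct.pack("!BHH", 22, 0x0301, len(hs)) + hs

if __name__ == "__main__":
    print(parse_client_hello(build_sample()))
    print(parse_client_hello(build_sample()[:20]))   # simulates a sliced capture
```

With a header-only capture like the one in the question there is no payload to feed in, so the check needs a capture taken without a snap length limit.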