This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Why SSL “client hello” message has two segments

1

When my server do the SSL handshake with clients, it will receives a "client hello" message with two segments.

My server has a bug when deal with the two segments "client hello".

But Why SSL "client hello" message has two segments.The TCP MSS is 1280.

Do you have any idea?

Thanks a lot.

alt text


I captured packets on the clients after fixing the bug on the serer.

Before the bug was fixed, the client would send "RST" after "client hello".

alt text

asked 10 Sep '15, 08:45

Frank9527's gravatar image

Frank9527
16113
accept rate: 0%

edited 12 Sep '15, 04:22


One Answer:

1

There's nothing explicitly wrong with that, a correctly written server should handle that just fine.

It is odd though, that the Client Hello has been chopped into a 216 and 4 byte segments with a very small time delay between the 2.

I'm assuming the capture has been done on the server, can you capture on the client to see what's being transmitted?

answered 10 Sep '15, 09:36

grahamb's gravatar image

grahamb ♦
19.8k330206
accept rate: 22%

Thanks. I'm not familiar with the SSL protocol. I just think the TCP's MSS property will cause segment. Can the SSL property decide the segment?

(12 Sep '15, 04:29) Frank9527

The MSS of 216 is causing the segmentation. Perhaps a device inbetween has MSS clamping enabled.

(12 Sep '15, 08:59) Roland