This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

When my server do the SSL handshake with clients, it will receives a "client hello" message with two segments.

My server has a bug when deal with the two segments "client hello".

But Why SSL "client hello" message has two segments.The TCP MSS is 1280.

Do you have any idea?

Thanks a lot.

alt text


I captured packets on the clients after fixing the bug on the serer.

Before the bug was fixed, the client would send "RST" after "client hello".

alt text

asked 10 Sep '15, 08:45

Frank9527's gravatar image

Frank9527
16113
accept rate: 0%

edited 12 Sep '15, 04:22


There's nothing explicitly wrong with that, a correctly written server should handle that just fine.

It is odd though, that the Client Hello has been chopped into a 216 and 4 byte segments with a very small time delay between the 2.

I'm assuming the capture has been done on the server, can you capture on the client to see what's being transmitted?

permanent link

answered 10 Sep '15, 09:36

grahamb's gravatar image

grahamb ♦
19.8k330206
accept rate: 22%

Thanks. I'm not familiar with the SSL protocol. I just think the TCP's MSS property will cause segment. Can the SSL property decide the segment?

(12 Sep '15, 04:29) Frank9527

The MSS of 216 is causing the segmentation. Perhaps a device inbetween has MSS clamping enabled.

(12 Sep '15, 08:59) Roland
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×319
×26
×21
×6

question asked: 10 Sep '15, 08:45

question was seen: 5,151 times

last updated: 12 Sep '15, 08:59

p​o​w​e​r​e​d by O​S​Q​A