Hi, I'm connecting using TLS 1.2 SRV 2K12 R2 but ultimately getting the message in the title. I was wondering if it'd be possible to figure out the reason via Wireshark. I'm only getting the Client\Server Hello and then the public cert exchange. The other end fully supports TLS 1.0, 1.1 and 1.2 and has A ratings on SSLLABS, albeit using a SHA1 cert.

The following is the Wireshark output: https://www.dropbox.com/sh/yxjk3rj0lyclyn4/AADxGu6Q4tT6mzPXMJge7IGLa?dl=0

Thanks!

asked 02 Aug '16, 03:35 xcalibur

Any Alert messages after that or do you just get a TCP RST? For some reason the server_name field in the Server Hello is empty, that could be a misconfiguration on the server part that rejects your hostname. I would look into that.

I actually don't see anything after or before it (using "ssl" as the filter query). But I will surely check with the other side to make sure they don't use some sort of a whitelist.
Then again, had it been whitelisting, then I wouldn't be able to get either of the HELLOs.
I uploaded the full PCAP if it's any good...
The pcap is more helpful, although it just shows the client closing the connection with a RST just after the server sent the "Server Hello Done".
You might also note that there is also a lot of other traffic in the capture, Windows SMB and SQL Server stuff that you might not want to have shown to the world.
Thanks for letting me know. I thought it saved just the selected packets. Fixed now.
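
The check discussed in this thread (was there a TLS Alert, or only a TCP RST after "Server Hello Done"?) can be scripted; the following is an added example, not code from any participant in the thread. It assumes each direction of the TCP stream has already been reassembled into bytes, and all function names and sample flights are hypothetical and constructed.

```python
import struct
# Constructed lookup tables: a subset of the TLS 1.2 code points (RFC 5246).
CONTENT = {20: "change_cipher_spec", 21: "alert", 23: "application_data"}
HANDSHAKE = {1: "client_hello", 2: "server_hello", 11: "certificate",
             12: "server_key_exchange", 14: "server_hello_done"}
LEVEL = {1: "warning", 2: "fatal"}
ALERT = {0: "close_notify", 40: "handshake_failure", 42: "bad_certificate",
         48: "unknown_ca", 70: "protocol_version", 112: "unrecognized_name"}

def record(ctype, payload, version=0x0303):  # record header + payload
    return struct.pack("!BHH", ctype, version, len(payload)) + payload
def hs(msg_type, body=b""):  # handshake message: type, 3-byte length, body
    return bytes([msg_type]) + len(body).to_bytes(3, "big") + body

def walk_records(stream):
    """List messages in one direction of a reassembled stream (plaintext phase only)."""
    events, pending, pos = [], b"", 0
    while pos + 5 <= len(stream):
        ctype, _ver, length = struct.unpack_from("!BHH", stream, pos)
        body = stream[pos + 5:pos + 5 + length]
        if len(body) < length:
            events.append("truncated_record")
            break
        pos += 5 + length
        if ctype == 22:  # handshake messages can share or span records
            pending += body
            while len(pending) >= 4:
                mlen = int.from_bytes(pending[1:4], "big")
                if len(pending) < 4 + mlen:
                    break
                events.append(HANDSHAKE.get(pending[0], "handshake_%d" % pending[0]))
                pending = pending[4 + mlen:]
        elif ctype == 21 and length == 2:  # plaintext alert: level, description
            events.append("alert:%s:%s" % (LEVEL.get(body[0], body[0]),
                                           ALERT.get(body[1], body[1])))
        else:
            events.append(CONTENT.get(ctype, "unknown_%d" % ctype))
    return events

def diagnose(client_events, server_events, client_sent_rst):
    alerts = [e for e in client_events + server_events if e.startswith("alert:")]
    if alerts:
        return "alert on the wire: " + ", ".join(alerts)
    if client_sent_rst and server_events[-1:] == ["server_hello_done"]:
        return "client reset after server_hello_done, no alert sent"
    return "inconclusive"

# Constructed sample flights with placeholder bodies, not taken from a capture.
CLIENT = record(22, hs(1, bytes(40)))
SERVER = record(22, hs(2, bytes(38)) + hs(11, bytes(3))) + record(22, hs(14))
```

When the result is a reset with no alert, the capture does not carry the reason for the abort, so the next place to look is the logging on the side that sent the RST.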