This is our old Q&A Site. Please post any new questions and answers at

Hello, I need your help to confirm or not my analysis. I can't see the "finished" packets in all my ssl/tls handshake. This packets is supposed to be send by each sides after the CCS packet as describe in the RFC 2246. The only packet sent immediately after the CCS message is an "Encrypted handshake message". Is it the finished packet?

For info I am using wireshark v 2.0.2. I have also tried with the latest.

Thank for your help:)alt text

asked 14 Nov '16, 23:18

remyd59's gravatar image

accept rate: 0%

Yes, the "finished" handshake message comes right after the ChangeCipherSpec. The CCS means that from that point onward, all packets will be encrypted with the negotiated session keys. If you decrypt the SSL traffic, you will see the Finished handshake messages unencrypted.

permanent link

answered 15 Nov '16, 01:12

SYN-bit's gravatar image

SYN-bit ♦♦
accept rate: 20%

Thank you for your quick feedback.

(15 Nov '16, 02:08) remyd59
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here



Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text]( "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:


question asked: 14 Nov '16, 23:18

question was seen: 3,873 times

last updated: 15 Nov '16, 02:31

p​o​w​e​r​e​d by O​S​Q​A