This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

TLS finished packet renamed Encrypted handshake message?

0

Hello, I need your help to confirm my analysis or not. I can't see the "Finished" packets in all my SSL/TLS handshakes. These packets are supposed to be sent by each side after the CCS packet, as described in RFC 2246. The only packet sent immediately after the CCS message is an "Encrypted handshake message". Is it the Finished packet?

For info, I am using Wireshark v2.0.2. I have also tried with the latest.

Thanks for your help :)

asked 14 Nov '16, 23:18


remyd59


One Answer:

2

Yes, the "finished" handshake message comes right after the ChangeCipherSpec. The CCS means that from that point onward, all packets will be encrypted with the negotiated session keys. If you decrypt the SSL traffic, you will see the Finished handshake messages unencrypted.

answered 15 Nov '16, 01:12


SYN-bit ♦♦

Thank you for your quick feedback.

(15 Nov '16, 02:08) remyd59
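
Why a capture without the session keys shows this label, as an added example (not part of the original answer and not Wireshark's own code): a simplified Python record walker for one direction of a TLS 1.0 to 1.2 stream. The function names and the sample bytes are constructed for illustration.

```python
import struct

# Handshake message types from the TLS 1.0-1.2 specifications (subset)
HANDSHAKE_TYPES = {1: "Client Hello", 2: "Server Hello", 11: "Certificate",
                   12: "Server Key Exchange", 14: "Server Hello Done",
                   16: "Client Key Exchange", 20: "Finished"}

def record(content_type, payload, version=0x0301):
    """Build one TLS record: type (1) | version (2) | length (2) | payload."""
    return struct.pack("!BHH", content_type, version, len(payload)) + payload

def label_records(stream):
    """Label the records of ONE direction of a TLS <= 1.2 stream, no keys."""
    labels, offset, ccs_seen = [], 0, False
    while offset + 5 <= len(stream):
        ctype, _version, length = struct.unpack_from("!BHH", stream, offset)
        payload = stream[offset + 5:offset + 5 + length]
        if len(payload) < length:
            labels.append("Truncated record")
            break
        offset += 5 + length
        if ctype == 20:                      # ChangeCipherSpec
            ccs_seen = True
            labels.append("Change Cipher Spec")
        elif ctype == 22 and ccs_seen:
            # Record header is still cleartext, but the body is ciphertext:
            # the handshake type byte (20 = Finished) cannot be read.
            labels.append("Encrypted Handshake Message")
        elif ctype == 22 and payload:
            # Simplification: only the first handshake message is named.
            labels.append(HANDSHAKE_TYPES.get(payload[0], "Unknown handshake"))
        elif ctype == 23:
            labels.append("Application Data")
        else:
            labels.append("Other record (type %d)" % ctype)
    return labels

# Constructed sample: client side of a handshake after Server Hello Done.
CKE_BODY = bytes(4)                                   # placeholder body
SAMPLE = (
    record(22, bytes([16]) + len(CKE_BODY).to_bytes(3, "big") + CKE_BODY)
    + record(20, b"\x01")
    + record(22, bytes(range(0x80, 0xA8)))            # 40 opaque bytes
)

if __name__ == "__main__":
    for label in label_records(SAMPLE):
        print(label)
```

The same handshake record is named "Finished" only when its first byte is readable as type 20, which is what a decrypted capture provides.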