This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Hello, I need your help to confirm or not my analysis. I can't see the "finished" packets in all my ssl/tls handshake. This packets is supposed to be send by each sides after the CCS packet as describe in the RFC 2246. The only packet sent immediately after the CCS message is an "Encrypted handshake message". Is it the finished packet?

For info I am using wireshark v 2.0.2. I have also tried with the latest.

Thank for your help:)alt text

asked 14 Nov '16, 23:18

remyd59's gravatar image

remyd59
11114
accept rate: 0%


Yes, the "finished" handshake message comes right after the ChangeCipherSpec. The CCS means that from that point onward, all packets will be encrypted with the negotiated session keys. If you decrypt the SSL traffic, you will see the Finished handshake messages unencrypted.

permanent link

answered 15 Nov '16, 01:12

SYN-bit's gravatar image

SYN-bit ♦♦
17.1k957245
accept rate: 20%

Thank you for your quick feedback.

(15 Nov '16, 02:08) remyd59
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×319
×75
×44

question asked: 14 Nov '16, 23:18

question was seen: 3,054 times

last updated: 15 Nov '16, 02:31

p​o​w​e​r​e​d by O​S​Q​A