Hello, I need your help to confirm or not my analysis. I can't see the "finished" packets in all my ssl/tls handshake. This packets is supposed to be send by each sides after the CCS packet as describe in the RFC 2246. The only packet sent immediately after the CCS message is an "Encrypted handshake message". Is it the finished packet?
For info I am using wireshark v 2.0.2. I have also tried with the latest.
Thank for your help:)
asked 14 Nov '16, 23:18
Yes, the "finished" handshake message comes right after the ChangeCipherSpec. The CCS means that from that point onward, all packets will be encrypted with the negotiated session keys. If you decrypt the SSL traffic, you will see the Finished handshake messages unencrypted.
answered 15 Nov '16, 01:12