On Wed, Dec 19, 2018 at 03:47:25PM +0100, T.Tributh wrote:

> Shall I open a ticket for openssl?

Before you do that, it would be good to have clarity about the specific behaviour you're seeing and how it differs from what you want, and whether you want to see changes in the client or in the server.

To that end, please post a "tshark" decode of a TLS 1.2 handshake (thus avoiding encrypted handshake records that make much of the TLS 1.3 handshake opaque, and your tshark may not yet support TLS 1.3). With reference to that handshake explain what you'd like to see happen differently on either the client or server end.

Capture a PCAP file of the traffic with

    # pcap=$(mktemp -t ocsp)
    # port=25 # or 587, 465, ...
    # tcpdump -s0 -w "${pcap}" tcp port "${port}"

extract traffic for a specific connection of interest (you may need to look through the pcap interactively looking for the connection you wanted).

    # conn=$(mktemp -t session)
    # client_port=... # provide the desired value
    # tcpdump -s0 -r "${pcap}" -w "${conn}" tcp port "${client_port}"

and post the decoded handshake from:

    # tshark -r "${conn}" -d "tcp.port==${port},ssl" -V | sed -ne '/^Secure Sockets Layer/,/^$/p'

Make sure to not rewrap the text.

--
    Viktor.

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls