https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13191

Peter Wu <pe...@lekensteyn.nl> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|CONFIRMED                   |RESOLVED
         Resolution|---                         |NOTABUG

--- Comment #1 from Peter Wu <pe...@lekensteyn.nl> ---
The capture seems malformed.

Frame 11 + 12, reassembled:
[Client Hello ...]
[elliptic_curves extension ...]
00 00  Extension Type: Server Name Indication (0)
17 00  Extension Length: 5888 (!)


Interpreting it in a slightly different way:
[Client Hello ...]
[elliptic_curves extension ...]
00 00  Extension Type: Server Name Indication (0)
17 00 15 00  (?? what is this garbage)
00 12  Length: 18
77 77 77 2e 73 61 6d 73 75 6e 67 6f 74 6e 2e 6e 65 74  www.samsungotn.net
00 0b  Extension Type: EC Point Formats
00 04  Length: 4
03 00 01 02
00 0a  Extension Type: supported_groups (renamed from elliptic_curves)
00 34  Length: 52
00 32 00 01 00 02 00 03 00 04 00 ...

This makes no sense. Your MITM tool is broken: it is producing garbage that
(rightfully) makes the server reset the connection.

Though for some weird reason, frame 199 does contain a Server Hello (in
response to the malformed Client Hello in frame 198). Is this an attempt to
exploit a vulnerability?
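
The length check that stops a parser on this Client Hello, as an added example that is not part of the original comment and is not Wireshark's dissector code: it walks a TLS extensions block and reports the first extension whose declared length exceeds the bytes that remain. The sample bytes are constructed from the hex quoted above (the elided supported_groups extension is left out), and all function and constant names are hypothetical.

```python
import struct

EXT_NAMES = {0: "server_name", 10: "supported_groups", 11: "ec_point_formats"}

def walk_extensions(block: bytes):
    """Walk a TLS extensions block (the bytes after its 2-byte total length).

    Returns (parsed, error): parsed is a list of (type, length) pairs and
    error is None or a string describing the first structural problem.
    """
    parsed, off = [], 0
    while off < len(block):
        if len(block) - off < 4:
            return parsed, f"truncated extension header at offset {off}"
        ext_type, ext_len = struct.unpack_from("!HH", block, off)
        off += 4
        if ext_len > len(block) - off:
            name = EXT_NAMES.get(ext_type, "unknown")
            return parsed, (f"extension {ext_type} ({name}) declares {ext_len} "
                            f"bytes, only {len(block) - off} remain")
        parsed.append((ext_type, ext_len))
        off += ext_len
    return parsed, None

def sni_extension(host: bytes) -> bytes:
    """Well-formed server_name extension (RFC 6066) for one host name."""
    entry = b"\x00" + struct.pack("!H", len(host)) + host  # name_type 0 = host_name
    body = struct.pack("!H", len(entry)) + entry           # server_name_list
    return struct.pack("!HH", 0, len(body)) + body

HOST = b"www.samsungotn.net"
EC_POINT_FORMATS = bytes.fromhex("000b000403000102")  # as quoted in the comment

# Constructed sample: extension type 00 00, then the bytes 17 00 15 00 00 12
# and the host name, exactly as quoted in the comment.
MALFORMED = bytes.fromhex("0000" "17001500" "0012") + HOST + EC_POINT_FORMATS
# Constructed for contrast: a correct encoding of the same host name.
WELL_FORMED = sni_extension(HOST) + EC_POINT_FORMATS

if __name__ == "__main__":
    for label, blk in (("malformed", MALFORMED), ("well-formed", WELL_FORMED)):
        print(label, walk_extensions(blk))
```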
