https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13191
Peter Wu <pe...@lekensteyn.nl> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|CONFIRMED                   |RESOLVED
         Resolution|---                         |NOTABUG

--- Comment #1 from Peter Wu <pe...@lekensteyn.nl> ---
The capture seems malformed. Frame 11 + 12, reassembled:

    [Client Hello ...]
    [elliptic_curves extension ...]
    00 00   Extension Type: Server Name Indication (0)
    17 00   Extension Length: 5888 (!)

Interpreting it in a slightly different way:

    [Client Hello ...]
    [elliptic_curves extension ...]
    00 00   Extension Type: Server Name Indication (0)
    17 00 15 00   (?? what is this garbage)
    00 12   Length: 18
    77 77 77 2e 73 61 6d 73 75 6e 67 6f 74 6e 2e 6e 65 74   www.samsungotn.net
    00 0b   Extension Type: EC Point Formats
    00 04   Length: 4
    03 00 01 02
    00 0a   Extension Type: supported_groups (renamed from elliptic_curves)
    00 34   Length: 52
    00 32 00 01 00 02 00 03 00 04 00 ...

This makes no sense, your MITM tool is broken, it is producing garbage that
(rightfully) makes the server reset the connection.

Though for some weird reason, frame 199 does contain a Server Hello (in
response to the malformed Client Hello in frame 198). Is this an attempt to
exploit a vulnerability?

-- 
You are receiving this mail because:
You are watching all bug changes.
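Added example (not part of the original message and not Wireshark's dissector code): a minimal Python walk of a TLS extensions block that rejects an extension whose declared length overruns the remaining data, as with the 5888-byte length noted above. It is run over the bytes quoted in the comment and over a constructed, well-formed layout of the same fields; the function names and the WELL_FORMED input are assumptions made for the illustration.

```python
import struct

# Names for the extension types that appear in the message above.
EXT_NAMES = {0x0000: "server_name", 0x000a: "supported_groups", 0x000b: "ec_point_formats"}


def walk_extensions(block: bytes):
    """Walk a TLS extensions block (type:u16, length:u16, body) and return
    (records, error). Parsing stops at the first length that cannot be honoured."""
    records, off = [], 0
    while off < len(block):
        if len(block) - off < 4:
            return records, f"truncated extension header at offset {off}"
        ext_type, ext_len = struct.unpack_from("!HH", block, off)
        avail = len(block) - off - 4
        if ext_len > avail:
            name = EXT_NAMES.get(ext_type, hex(ext_type))
            return records, (f"{name} at offset {off} declares {ext_len} bytes, "
                             f"only {avail} remain")
        records.append((ext_type, ext_len, block[off + 4:off + 4 + ext_len]))
        off += 4 + ext_len
    return records, None


def sni_hostname(body: bytes):
    """Decode a single-entry server_name body (RFC 6066 layout), else None."""
    if len(body) < 5:
        return None
    list_len, name_type, name_len = struct.unpack_from("!HBH", body, 0)
    if list_len != len(body) - 2 or name_type != 0 or name_len != len(body) - 5:
        return None
    return body[5:].decode("ascii", errors="replace")


HOST = b"www.samsungotn.net"
EC_POINT_FORMATS = bytes.fromhex("000b000403000102")
# Bytes as quoted in the message (supported_groups left out: it is elided there).
AS_CAPTURED = bytes.fromhex("0000170015000012") + HOST + EC_POINT_FORMATS
# Constructed for comparison: the same fields laid out the way RFC 6066 expects.
WELL_FORMED = bytes.fromhex("000000170015000012") + HOST + EC_POINT_FORMATS

if __name__ == "__main__":
    for label, blk in (("as captured", AS_CAPTURED), ("well-formed", WELL_FORMED)):
        recs, err = walk_extensions(blk)
        print(label, [(hex(t), n) for t, n, _ in recs], err)
```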