I'm facing a similar problem -- I'm trying to improve the SSL dissector and actually make it work in the face of things like TCP retransmissions.
However, it appears that it was written prior to the TCP reassembly stuff being supported. I don't have the experience of complex dissectors to really know what I am doing. Is anybody else working on fixing the SSL dissector? [The issue is that when SSL decrypts SSL records, it updates its decryption context. Thus it has to decrypt the records in order, exactly once. Yes, I realize that if packets get dropped from the capture then you are out of luck. However, in my case, I often see an SSL record being transmitted, no ack to it (delayed ack), and then the other end sends the original SSL record with the next SSL record in the same TCP segment. This desynchronizes the decryptor and from that point on, no decryption happens.] Philip -- Philip Gladstone Ham: N1DQ ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <[email protected]> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:[email protected]?subject=unsubscribe
