
Recently I read some articles about the SSL protocol and analyzed some SSL packets in Wireshark. As far as I understood, after an APPLICATION DATA message, we shouldn't see any client hello or server hello or certificate message.

I wrote some code to dissect SSL packets, and I saw a log which specified that this rule is broken, but unfortunately I lost that input pcap. Is it possible to have a client/server hello or certificate message after an application data message?

Saeed
  • The server may send a Hello Request at any time, see [RFC 5246](https://www.rfc-editor.org/rfc/rfc5246.txt) 7.4.1.1 for example. – Eugène Adell Jul 23 '19 at 06:34
  • @Eugène but there is no comment that indicates that a client hello may be received after application data. Do you have any sample pcap with this feature? – Saeed Jul 23 '19 at 06:55
  • If data was already sent to each other, the client hello will follow a Client Hello Request. Not written in the doc itself, but it's clear enough if you read the whole. Sorry but it's not myself that needs to bring a capture here, if you believe that TLS is broken. – Eugène Adell Jul 23 '19 at 10:01
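
Added example, not part of the original question or comments: a Python record walker for one direction of a TLS 1.2 stream that marks handshake records (content type 22) arriving after application data (type 23), which is how a renegotiation following the Hello Request in RFC 5246 7.4.1.1 appears to a dissector. The function names are hypothetical and the sample bytes are constructed; records sent after ChangeCipherSpec are encrypted, so only the record type is readable, not which handshake message it carries.

```python
import struct

CONTENT = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}
HANDSHAKE = {0: "hello_request", 1: "client_hello", 2: "server_hello", 11: "certificate"}

def record(ctype, payload, version=0x0303):
    """Build one TLS record: type(1) | version(2) | length(2) | payload."""
    return struct.pack("!BHH", ctype, version, len(payload)) + payload

def walk_records(stream):
    """Yield (content_type, payload) for each complete record of one direction."""
    offset = 0
    while offset + 5 <= len(stream):
        ctype, _version, length = struct.unpack_from("!BHH", stream, offset)
        end = offset + 5 + length
        if ctype not in CONTENT or end > len(stream):
            break  # not a TLS record, or the capture is truncated
        yield ctype, stream[offset + 5:end]
        offset = end

def classify(stream):
    """Label every record and mark handshake records seen after application data."""
    events, encrypted, seen_app_data = [], False, False
    for ctype, payload in walk_records(stream):
        label = CONTENT[ctype]
        if ctype == 20:
            encrypted = True  # later records in this direction are ciphertext
        elif ctype == 23:
            seen_app_data = True
        elif ctype == 22:
            if encrypted:
                detail = "encrypted"  # handshake message type is not readable
            else:
                detail = HANDSHAKE.get(payload[0], "other") if payload else "empty"
            label = f"handshake({detail})"
            if seen_app_data:
                label += " after application_data"
        events.append(label)
    return events

# Constructed sample: client-to-server records, not taken from a real capture.
SAMPLE = (
    record(22, b"\x01\x00\x00\x02\x03\x03")  # plaintext client_hello (body cut short)
    + record(20, b"\x01")                    # change_cipher_spec
    + record(22, b"\xaa" * 40)               # encrypted Finished
    + record(23, b"\xbb" * 32)               # application data
    + record(22, b"\xcc" * 64)               # encrypted renegotiation handshake
)
```

Calling `classify(SAMPLE)` returns one label per record; the last one carries the `after application_data` marker.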

0 Answers