Ask Your Question

Revision history [back]

From my reply at

In your screenshot, the visible frames are:

1. C->S Protected Payload
2. S->C Handshake, PKN:0, CRYPTO
3. C->S Handshake, PKN:0, ACK, CRYPTO
4. S->C Handshake, PKN:1, ACK
5. C->S Protected Payload
11. S->C Protected Payload

The selected packet (frame 4) shows that draft 24 is in use. I would have expected an Initial Packet message to be present. Perhaps frame 1 has additional data.

Do frames 5-11 actually mention that decryption failed? If so, it should describe the reason. If you were expecting HTTP/3, note that it is still work in progress, and not supported in the current Wireshark 3.2 release nor the development version, v3.3.0rc0-225-g76dfe6004b.

For better analysis, please attach the original packet capture and the SSLKEYLOGFILE file. For the current state of QUIC support in Wireshark, please refer to and find capture samples at