 | 1 | initial version |
Without the handshake Wireshark does not know the size of the Message Authentication Code (MAC) and possibly padding. That is needed for a correct dissection.
A feature request can be done at https://gitlab.com/wireshark/wireshark/-/issues
In the past, before complete sessions with NULL ciphers were dissected, I had a similar issue and made a little modification in the upper layer protocol to simply skip the 5-byte Application Data header. That was good enough in my case.
