1 | initial version |
Looking at frame 16510, the ssl session is 0x11f056940, and the handshake frames for that session are 16489 & 16505:
dissect_ssl enter frame #16489 (first time)
packet_from_server: is from server - FALSE
conversation = 0x11f056870, ssl_session = 0x11f056940
record: offset = 0, reported_length_remaining = 226
dissect_ssl3_record: content_type 22 Handshake
decrypt_ssl3_record: app_data len 221, ssl state 0x00
packet_from_server: is from server - FALSE
decrypt_ssl3_record: using client decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 1 offset 5 length 217 bytes, remaining 226
Calculating hash with offset 5 221
ssl_dissect_hnd_hello_common found CLIENT RANDOM -> state 0x01
dissect_ssl enter frame #16505 (first time)
packet_from_server: is from server - TRUE
conversation = 0x11f056870, ssl_session = 0x11f056940
record: offset = 0, reported_length_remaining = 86
ssl_try_set_version found version 0x0303 -> state 0x91
dissect_ssl3_record: content_type 22 Handshake
decrypt_ssl3_record: app_data len 81, ssl state 0x91
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 2 offset 5 length 77 bytes, remaining 86
ssl_try_set_version found version 0x0303 -> state 0x91
Calculating hash with offset 5 81
ssl_dissect_hnd_hello_common found SERVER RANDOM -> state 0x93
ssl_set_cipher found CIPHER 0xC030 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 -> state 0x97
ssl_load_keyfile dtls/ssl.keylog_file is not configured!
tls13_change_key TLS version 0x303 is not 1.3
tls13_change_key TLS version 0x303 is not 1.3
The cipher used is a DH variant: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
.