Ask Your Question
0

Help with TLS1.2 connection issue

asked 2022-02-04 14:39:26 +0000

eyalg gravatar image

updated 2022-02-04 15:25:37 +0000

grahamb gravatar image

Hi experts,

We have a problem with a .net web app trying to connect to some Web Service. We are not sure what is going on. I am not sure if this is a TLS1.2 connection issue or something else. I have this WireShark trace summary. I can see the client sending a FIN request but not sure if this the TLS 1.2 handshake finished OK or not:

733 6.169095  Application .Net IP      mid tier IP(WS)  TCP      66     55137 > https [SYN, ECN, CWR] Seq=0 Win=8192 Len=0 MSS=1410 WS=256 SACK_PERM=1
735 6.170224  Application .Net IP      mid tier IP(WS)  TCP      54     55137 > https [ACK] Seq=1 Ack=1 Win=1048832 Len=0
736 6.170889  Application .Net IP      mid tier IP(WS)  TLSv1.2  243    Client Hello
737 6.173031  mid tier IP(WS)      Application .Net IP  TLSv1.2  1464   Server Hello
738 6.173137  mid tier IP(WS)      Application .Net IP  TLSv1.2  1359   Certificate, Server Key Exchange, Server Hello Done
739 6.173149  Application .Net IP      mid tier IP(WS)  TCP      54     55137 > https [ACK] Seq=190 Ack=2716 Win=1048832 Len=0
740 6.178450  Application .Net IP      mid tier IP(WS)  TLSv1.2  236    Client Key Exchange, Change Cipher Spec, Encrypted Handshake Message
741 6.179193  mid tier IP(WS)      Application .Net IP  TLSv1.2  400    Encrypted Handshake Message, Change Cipher Spec, Encrypted Handshake Message
742 6.184131  Application .Net IP      mid tier IP(WS)  TLSv1.2  2843   Application Data
743 6.184425  mid tier IP(WS)      Application .Net IP  TCP      60     https > 55137 [ACK] Seq=3062 Ack=3161 Win=2097920 Len=0
758 6.293462  mid tier IP(WS)      Application .Net IP  TLSv1.2  715    Application Data
759 6.309837  Application .Net IP      mid tier IP(WS)  TCP      54     55137 > https [ACK] Seq=3161 Ack=3723 Win=1047808 Len=0
760 6.359905  Application .Net IP      mid tier IP(WS)  TCP      54     55137 > https [FIN, ACK] Seq=3161 Ack=3723 Win=1047808 Len=0
761 6.360152  mid tier IP(WS)      Application .Net IP  TCP      60     https > 55137 [ACK] Seq=3723 Ack=3162 Win=2097920 Len=0
762 6.360256  mid tier IP(WS)      Application .Net IP  TLSv1.2  139    Encrypted Alert
763 6.360260  mid tier IP(WS)      Application .Net IP  TCP      60     https > 55137 [FIN, ACK] Seq=3808 Ack=3162 Win=2097920 Len=0
764 6.360300  Application .Net IP      mid tier IP(WS)  TCP      54     55137 > https [RST, ACK] Seq=3162 Ack=3808 Win=0 Len=0
765 6.360335  Application .Net IP      mid tier IP(WS)  TCP      54     55137 > https [RST] Seq=3162 Win=0 Len=0
edit retag flag offensive close merge delete

Comments

Can you share the PCAP file?

hugo.vanderkooij gravatar imagehugo.vanderkooij ( 2022-02-04 15:20:30 +0000 )edit

I am not sure if I can share it. Is it not possible to conclude from the info provided whether the TLS connection was successful or not?

eyalg gravatar imageeyalg ( 2022-02-04 15:26:59 +0000 )edit
add a comment

1 Answer

Sort by ยป oldest newest most voted
0

answered 2022-02-04 15:29:47 +0000

grahamb gravatar image

The TLS handshake looks good, then the client (Application .Net IP) sends a chunk of encrypted data (frame 742), the server (mid tier IP(WS)) sends back a smaller chunk in reply (frame 758) and the client then closes the connection.

If there's anything wrong it looks more like an application issue rather than TLS.

edit flag offensive delete link more
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2022-02-04 14:39:26 +0000

Seen: 502 times

Last updated: Feb 04 '22

Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.
about | faq | help | privacy policy | terms of service
Powered by Askbot version 0.10.2