PSH data between TCP 3WHS and SSL handshake
Hi all,
What would be the reason why a host would send the following sequence :
ACK, PSH-ACK, ACK just after it finishes the 3WHS and before handshake.
What could be included in those packets?
Regards. Liviu
That may depend on what protocol is being run over SSL. What is the complete sequence of packets, on both sides of the connection? If the only data being sent after the 3WHS and before the handshake is one segment of data from that host to the peer, it doesn't look like, for example, the STARTTLS opportunistic TLS negotiation for SMTP, as that involves the server sending "250 STARTTLS", the client responding with a "STARTTLS" command, and the server responding with a 220 response letting the client know that it can proceed.