PSH data between TCP 3WHS and SSL handshake

asked 2018-09-14 13:13:22 +0000

Hi all,

What would be the reason why a host would send the following sequence:

ACK, PSH-ACK, ACK just after it finishes the 3WHS and before the handshake.

What could be included in those packets?

Regards. Liviu



That may depend on what protocol is being run over SSL. What is the complete sequence of packets, on both sides of the connection? If the only data being sent after the 3WHS and before the handshake is one segment of data from that host to the peer, it doesn't look like, for example, the STARTTLS opportunistic TLS negotiation for SMTP, as that involves the server sending "250 STARTTLS", the client responding with a "STARTTLS" command, and the server responding with a 220 response letting the client know that it can proceed.

Guy Harris ( 2018-09-14 19:44:06 +0000 )
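
An added example, not part of the question or the comment above: a small Python classifier that looks at the data segments seen after the 3WHS and before the TLS ClientHello and separates the SMTP STARTTLS exchange described in the comment from a single one-way segment like the one in the question. The payloads, host names and the function names are constructed for illustration.

```python
import re

# Constructed sample payloads (not from a real capture). "C" = client, "S" = server.
HELLO = bytes.fromhex("16030100c8010000c40303")  # TLS record header + start of ClientHello
SMTP_FLOW = [
    ("S", b"220 mail.example.test ESMTP\r\n"),
    ("C", b"EHLO client.example.test\r\n"),
    ("S", b"250-mail.example.test\r\n250 STARTTLS\r\n"),
    ("C", b"STARTTLS\r\n"),
    ("S", b"220 Ready to start TLS\r\n"),
    ("C", HELLO),
]
ONE_WAY_FLOW = [
    ("C", b"constructed-opaque-payload"),  # one data segment, one direction only
    ("C", HELLO),
]

def is_client_hello(data: bytes) -> bool:
    """TLS record type 0x16 (handshake), major version 0x03, handshake type 0x01."""
    return len(data) >= 6 and data[0] == 0x16 and data[1] == 0x03 and data[5] == 0x01

def classify_pre_tls(segments):
    """Classify the (sender, payload) segments seen before the first ClientHello."""
    pre = []
    for sender, data in segments:
        if is_client_hello(data):
            break
        pre.append((sender, data))
    else:
        return "no-tls-handshake"          # loop ended without seeing a ClientHello
    if not pre:
        return "direct-tls"                # ClientHello is the first data after the 3WHS
    server = b"".join(d for s, d in pre if s == "S")
    client = b"".join(d for s, d in pre if s == "C")
    # Server advertises STARTTLS, client issues it, server answers 220 afterwards.
    offered = re.search(rb"^250[ -]STARTTLS\r?$", server, re.M | re.I)
    asked = re.search(rb"^STARTTLS\r?$", client, re.M | re.I)
    ready = offered and re.search(rb"^220 ", server[offered.end():], re.M)
    if offered and asked and ready:
        return "smtp-starttls"
    if len({s for s, _ in pre}) == 1:
        return "one-way-pre-tls-data"      # matches the pattern asked about
    return "other-two-way-pre-tls-data"

if __name__ == "__main__":
    print(classify_pre_tls(SMTP_FLOW), classify_pre_tls(ONE_WAY_FLOW))
```

A "one-way-pre-tls-data" result only says the exchange is not a STARTTLS-style negotiation; identifying the protocol still needs the full packet sequence from both sides.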