Is [TCP segment of a reassembled PDU] an issue? I have am seeing a TLS handshake packet [ClientHello] coming in, with the [ACK]going out followed by 4 packets from the server with a len of 2788 (these have the [TCP segment of reassembled PDU] tag) that upstream is being split into 8 packets (also with the [TCP segment of reassembled PDU] tag) of 1424 each followed by a combined TLS handshake paket with [ServerHello, Certificate, ServerKeyExchange, CertificateRequest, ServerHelloDone] all in the same packet (len 1295).
In some cases, we are seeing a [FIN,ACK] return from the client instead of the expected [Certificate, ClientKeyExchange, CertificateVerify, ChangeCipherSpec, EncryptedHandshakeMessage].
Appreciate any insight that can be offered!