Hi,
I have two captures, one of a successful SSL handshake, and one of an unsuccessful SSL handshake (server never responded with server hello but instead sent a FIN,ACK).
The successful one displays in the Wireshark protocol column as SSLv3, and in the decoding window shows like so:
Secure Socket Layer
    SSLv3 Record Layer: Handshake Protocol: Client Hello
        Content Type: Handshake (22)
        Version: SSL 3.0 (0x0300)
        Length: 117
        Handshake Protocol: Client Hello
The unsuccessful one shows in the Wireshark protocol column as merely SSL (not SSLv3), and in the decoding window as:
Secure Socket Layer
    SSL Record Layer: Handshake Protocol: Client Hello
        Content Type: Handshake (22)
        Version: SSL 3.0 (0x0300)
        Length: 117
        Handshake Protocol: Client Hello
Both have SSL 3.0 in the version field, so what subtle difference is Wireshark detecting that makes it display as SSL rather than SSLv3?
Thanks in advance for any help you can offer.