SSL over TDS, SQL Server 2005 Express
-
03-10-2019 - |
Question
I capture packets sent/received by Win Xp machine when connecting to SQL Server 2005 Express using TLS encryption.
- Server and Client exchange Hello messages
- Server and Client send ChangeCipherSpec message
- Then Server and Client server send strange message that is not described in TLS protocol
What is the message?
Server side capture:
16 **SSL Handshake**
03 01
00 4a
02 ServerHello
00 00 46
03 01
4b dd 68 59 GMT
33 13 37 98 10 5d 57 9d ff 71 70 dc d6 6f 9e 2c Random[00..13]
cb 96 c0 2e b3 2f 9b 74 67 05 cc 96 Random[14..27]
20 72 26 00 00 0f db 7f d9 b0 51 c2 4f cd 81 4c Session ID
3f e3 d2 d1 da 55 c0 fe 9b 56 b7 6f 70 86 fe bb Session ID
54 Session ID
00 04 Cipher Suite
00 Compression
14 03 01 00 01 01 **ChangeCipherSpec**
16 03 01 ???? Finished ???
00 20 d0 da cc c4 36 11 43 ff 22 25 8a e1 38 2b ???? ???
71 ce f3 59 9e 35 b0 be b2 4b 1d c5 21 21 ce 41 ???? ???
8e 24
Solution
16 03 01
00 20 d0 da cc c4 36 11 43 ff 22 25 8a e1 38 2b
71 ce f3 59 9e 35 b0 be b2 4b 1d c5 21 21 ce 41
8e 24
This message is already encrypted, therefore to see
14 03 01 00 00 0c
it needs to be decrypted first
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow