SSL over TDS, SQL Server 2005 Express

StackOverflow https://stackoverflow.com/questions/2779051

  •  03-10-2019
  •  | 
  •  

Question

I capture packets sent/received by Win Xp machine when connecting to SQL Server 2005 Express using TLS encryption.

  • Server and Client exchange Hello messages
  • Server and Client send ChangeCipherSpec message
  • Then Server and Client server send strange message that is not described in TLS protocol

What is the message?

Server side capture:

16                                                     **SSL Handshake**       
03 01 
00 4a 
02                                                     ServerHello
00 00 46 
03 01  
4b dd 68 59                                            GMT  
33 13 37 98 10 5d 57 9d ff 71 70 dc d6 6f 9e 2c        Random[00..13]
cb 96 c0 2e b3 2f 9b 74 67 05 cc 96                    Random[14..27] 
20 72 26 00 00 0f db 7f d9 b0 51 c2 4f cd 81 4c        Session ID
3f e3 d2 d1 da 55 c0 fe 9b 56 b7 6f 70 86 fe bb        Session ID
54                                                     Session ID
00 04                                                  Cipher Suite
00                                                     Compression

14 03 01 00 01 01                                      **ChangeCipherSpec**  

16 03 01                                               ???? Finished ???
00 20 d0 da cc c4 36 11 43 ff 22 25 8a e1 38 2b        ????          ???
71 ce f3 59 9e 35 b0 be b2 4b 1d c5 21 21 ce 41        ????          ??? 
8e 24
Was it helpful?

Solution 

16 03 01                                               
00 20 d0 da cc c4 36 11 43 ff 22 25 8a e1 38 2b       
71 ce f3 59 9e 35 b0 be b2 4b 1d c5 21 21 ce 41        
8e 24

This message is already encrypted, therefore to see 

14 03 01 00 00 0c

it needs to be decrypted first

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top