Here's some examples I've put together to show you various differences that's commonly encountered.
Microsoft IDs 65281, 35, & 5
Cisco IDs 65281 and 35
Here's heartbeat support id15 which did not translated in the debug output via openssl
A local email-appliance IDs 65281 and 15
Since the tls server extension happens before the SSL session is negotiated, these messages can easily be displayed via tshark/wireshark and by monitoring the client/server hellos.
Be advise that that various forward-proxies can change or remove various extension during the negotiation.
example in my office behind a proxy the same microsoft site now shows;
Now just the single IDs 65281 shows up.
Ken Felix
NSE ( network security expert) and Route/Switching Engineer
kfelix -----a----t---- socpuppets ---dot---com
^ ^
=( @ @ )=
o
/ \
No comments:
Post a Comment