forums.meulie.net

TLS Handshake Large Client Hello Response

Hi all,

I’m wondering if someone could help, would really appreciate it! I’ve captured a trace that shows establishing a MQTT over TLS connection and have a question regarding the TLS handshake that I’m seeing. The Client Hello is sent from client to server (31), followed by the TCP ACK from server to client (32), as expected. I then see the server sending the client something (33-36), followed by the Server Hello (37). Packets 33-36 seem strange to me, other TLS handshakes I’ve seen are missing 33-36 and instead are just Client Hello, ACK, Server Hello. Can anyone shed any light on what is being sent here and why?

Full trace can be download from: https://filebin.net/sdnrwwu2ge7sbbv3
Filter to: tcp.stream eq 2

Thanks very much