Re: [TLS] TLS Next Proto negotiation

Adam Langley <> Mon, 18 July 2011 12:43 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id D9ACF21F8BE8 for <>; Mon, 18 Jul 2011 05:43:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -105.377
X-Spam-Status: No, score=-105.377 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, J_CHICKENPOX_65=0.6, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id CXrbG8xOCRc9 for <>; Mon, 18 Jul 2011 05:43:36 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id 1A93421F8BEA for <>; Mon, 18 Jul 2011 05:43:35 -0700 (PDT)
Received: from ( []) by with ESMTP id p6IChYOo012500 for <>; Mon, 18 Jul 2011 05:43:34 -0700
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed;; s=beta; t=1310993014; bh=wayzFTIOF1p8sRMWpnZMonb+V0s=; h=MIME-Version:In-Reply-To:References:Date:Message-ID:Subject:From: To:Cc:Content-Type:Content-Transfer-Encoding; b=dH+E90IOntZpk/s03S0X/A/jirHORCJJCu+Bvv4K6bTkb3M3Z3vHXo3wH8s2tty6j My0N1OPSaumsoq0LLxtsA==
DomainKey-Signature: a=rsa-sha1; s=beta;; c=nofws; q=dns; h=dkim-signature:mime-version:in-reply-to:references:date: message-id:subject:from:to:cc:content-type: content-transfer-encoding:x-system-of-record; b=ax+LVUhkYgyalH8uuG4T87550no5XRk+vA+XzuVhz1ayGehsGj3LHH9SL8q79C92A KViSKm3VB9Lbt3rfdxrLw==
Received: from ywb6 ( []) by with ESMTP id p6IChW8P007792 (version=TLSv1/SSLv3 cipher=RC4-SHA bits=128 verify=NOT) for <>; Mon, 18 Jul 2011 05:43:33 -0700
Received: by ywb6 with SMTP id 6so2282759ywb.1 for <>; Mon, 18 Jul 2011 05:43:32 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=beta; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; bh=opdAfPRHnWeoPIsLQB6H3jPM/lCnuW9tdEI2HQRDftU=; b=GmJpR1yq7NB20gXACQko4bR0OuHqQl/KAwhT0O+wczC6xVVPwPrHEOLvVeLougRx8x 0YwzdS9N+O5RVjZbcPcg==
MIME-Version: 1.0
Received: by with SMTP id p17mr875869yba.29.1310993011128; Mon, 18 Jul 2011 05:43:31 -0700 (PDT)
Received: by with HTTP; Mon, 18 Jul 2011 05:43:30 -0700 (PDT)
In-Reply-To: <>
References: <>
Date: Mon, 18 Jul 2011 08:43:30 -0400
Message-ID: <>
From: Adam Langley <>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
X-System-Of-Record: true
Cc: tls <>
Subject: Re: [TLS] TLS Next Proto negotiation
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 18 Jul 2011 12:43:37 -0000

On Mon, Jul 18, 2011 at 8:22 AM, <> wrote:
> I have gone the TLS NPN draft, it talks about the new handshake message Next Protocol handshake message which is sent from Client to server after Change cipher spec and before Finish. But when I capture the packet with NPN enable(using google chrome to browse google web services), I find NULL NPN extnesion is sent from client to server and server is responding back with NPN extension with the protocol. But there is no next protocol handshake message sent by client after change cipher spec, instead I see a strange encrypted packet from Server side even before server is sending change cipher spec, this is on new session.

Make sure that you're looking at the draft which reflects the current

The strange, encrypted message from the server is probably a session
ticket. Wireshark, at least in some versions, doesn't understand it
and incorrectly describes it as encrypted.

If the NPN extension exchange happened then the NextProtocol message
will be sent. Again, Wireshark doesn't dissect it very well and may
believe that it was merged into the Finished message; you'll have to
look at the bytes yourself. In the particular Chrome implementation,
the NextProtocol message is sent in its own record, so you can see the
framing without having to decrypt anything.