server isn't sending Certificate after Server Hello

1

I used Wireshark to capture the packets sent to and from google.com and a personal website of mine and...

google.com sends the Certificate right after the Server Hello. My own webserver, however, does not appear to do so. And yet, despite that, Google Chrome recognizes the websites cert.

My question is two fold.

  1. Why isn't the certificate being sent?
  2. How is the browser able to verify the authenticity of the website without having received the cert?

neubert

Posted 2016-01-05T20:17:42.973

Reputation: 3 991

Answers

4

Why isn't the certificate being sent?

Probably because no new SSL session was established but a previous session resumed.

How is the browser able to verify the authenticity of the website without having received the cert?

The certificate was verified when the SSL session got established. It will not get re-validated within the same session. A SSL session might span several TCP connections.

For more information how SSL session resumption work you might have a look at https://blog.cloudflare.com/tls-session-resumption-full-speed-and-secure/.

Steffen Ullrich

Posted 2016-01-05T20:17:42.973

Reputation: 3 897

Asked: 2016-01-05T20:17:42.973

Viewed: 780 times

Active: 2016-01-05T20:26:00.370