02-15-2009 01:47 PM - edited 03-11-2019 07:50 AM
Hi,
During an HTTPS connection, after the handshake is successfully done, I am getting an 'Encrypted Alert' message in Wireshark/Ethereal on one of the webpages. The alert error code is 21.
Does anyone know what Alert 21 means? Or is there any list of alert protocol error codes and their descriptions?
02-15-2009 07:00 PM
Hi,
It looks like alert code 21 means that the message could not be unencrypted:
http://en.wikipedia.org/wiki/Secure_Sockets_Layer#Alert_protocol
I've never experienced this problem, so I'm not sure how to proceed in troubleshooting it. Could the packets be corrupted during transportation?
Also, you mentioned "one of the webpages". Does this mean that you are only having this error when visiting a single page and all other pages are working? If so, you may want to look at the application side of things on the web server.
Hope that helps.
-Mike
07-18-2018 11:57 AM - edited 07-18-2018 12:07 PM
In a nutshell, TLS is all about different records. Different records serve different purposes. Records have a Content-Type field and a Message field (and some other fields too).
Content-Type will state the Record Layer Protocol Type. Depending upon the Content-Type field's value, you know what the purpose of a particular record is. For example: Content-Type=21 means that this is an Alert protocol and Content-Type=22 means that this is a Handshake protocol.
Message field will contain the actual message related to a particular Record Protocol type.
The Alert protocol further has a field called Description. This field contains the actual error information.
There are different Descriptions, the list could be found here: https://tools.ietf.org/html/rfc5246#page-29
Each Description has a Code associated with it. A Description named decryption_failed_RESERVED has a Code of 21.
Now coming to Wireshark:
The 21 shown in the Wireshark capture is not a code but the value in the Content-Type field of the TLS record. In plain words, Wireshark is telling us that this is a TLS Alert protocol.
The Message field is encrypted. Wireshark is not able to look further into this Message field as it is encrypted. So, Wireshark doesn't show the actual Message.
There is a possibility to decrypt the captures in wireshark. https://wiki.wireshark.org/SSL
Hope this helps.
Prab :)
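The distinction drawn in the reply above, as an added example that is not part of the original posts: a small record walker that reads the Content-Type from each TLS record header and decodes the alert Description only while the record is still plaintext. It assumes a TLS 1.2-style stream in one direction where everything after ChangeCipherSpec is encrypted; the function name `describe_records` and the sample bytes are constructed for illustration.

```python
import struct

# Record-layer Content-Type values (RFC 5246 section 6.2.1)
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}
# A few alert Description codes (RFC 5246 section 7.2); not the full list
ALERT_DESCRIPTIONS = {0: "close_notify", 10: "unexpected_message",
                      20: "bad_record_mac", 21: "decryption_failed_RESERVED",
                      40: "handshake_failure"}
ALERT_LEVELS = {1: "warning", 2: "fatal"}


def describe_records(stream: bytes) -> list:
    """Label each TLS record sent in one direction of a connection."""
    labels, offset, encrypted = [], 0, False
    while offset + 5 <= len(stream):
        # Header: 1-byte content type, 2-byte version, 2-byte length
        ctype, _version, length = struct.unpack_from("!BHH", stream, offset)
        fragment = stream[offset + 5: offset + 5 + length]
        if len(fragment) < length:
            labels.append("truncated record")
            break
        name = CONTENT_TYPES.get(ctype, f"unknown({ctype})")
        if encrypted:
            # Only the header is readable; level and description are hidden
            labels.append(f"encrypted {name}: {length} opaque bytes")
        elif ctype == 21 and length == 2:
            level, desc = fragment
            labels.append(f"alert: {ALERT_LEVELS.get(level, level)} "
                          f"{ALERT_DESCRIPTIONS.get(desc, desc)} (code {desc})")
        else:
            labels.append(name)
        if ctype == 20:
            encrypted = True  # assumption: sender encrypts from here on
        offset += 5 + length
    return labels


# Constructed sample 1: plaintext fatal alert sent during the handshake
PLAINTEXT_ALERT = bytes.fromhex("1503030002" "0228")
# Constructed sample 2: ChangeCipherSpec, then an alert whose 26-byte body
# is ciphertext (filler bytes stand in for the encrypted level/description)
AFTER_CCS = bytes.fromhex("1403030001" "01" "150303001a") + bytes(range(26))

if __name__ == "__main__":
    print(describe_records(PLAINTEXT_ALERT))
    print(describe_records(AFTER_CCS))
```

In the second sample the only 21 available without decryption is the Content-Type byte in the header, which is the situation Wireshark reports as "Encrypted Alert".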