Hello, I hope that this is the correct place to add this post, please let me know if I should move it.
I have been looking at an openVPN capture and it appears that there is no TLS Record Layer involved with openVPN. Looking at the packet structure it appears that the TLS encryption happens just inside the TCP layer. Thus a wireshark capture shows TCP information and then an SSL layer which is just encrypted data. I think that it only identifies the information as SSL based on the fact that I am connecting using TCP and port 443.
If I look at a packet capture using SSTP or HTTPS (both of which use SSL/TLS) I can see the Record Layer information and the encrypted data inside of it.
Please let me know if I am misunderstanding something.
Is there a reason that openVPN does not have the record layer?
Is this something that is specifically disabled for some reason (overhead maybe)?
Could it be turned on?
I would have though that this would have come directly from openSSL, is that correct?
Let me know if anyone has any thoughts... and thanks for your time.
TLS Record Layer
Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech
-
janjust
- Forum Team
- Posts: 2703
- Joined: Fri Aug 20, 2010 2:57 pm
- Location: Amsterdam
- Contact:
Re: TLS Record Layer
openvpn is NOT a fully TLS-based application. The control channel acts (almost) like a regular TLS channel, but the datachannel - over which all VPN data is passed - is encrypted entirely differently. Unless your capture program knows how to handle this you will never be able to inspect the VPN traffic.