Certificate weird behaviour

2018-10-19 05:24:12

I tried to understand a certificate issue by capturing the different sequences with Wireshark.

In the case that is not working (Wi-Fi connection through my cable provider), I see:

- Client Hello
- Server Hello
- again from the server: Certificate, Server Key Exchange, Server Hello Done

I'm able to see the certificate causing the issue (not valid).

Now the case that is working (same computer/browser; the only difference is the internet access, through an LTE provider).

Wireshark shows:

- Client Hello
- Server Hello, Change Cipher Spec, Encrypted Handshake Message
- from the client: Change Cipher Spec, Encrypted Handshake Message

...

I'm not able to see the certificate in the capture (I assume it's because it's encrypted (Encrypted Handshake Message)).

And as this is the case that is working, I'm able to see the website with a completely different, valid certificate than in the first, non-working case.

My question is about the Encrypted Handshake Message, why thi