In normal case the finished packet from either the client or server gets decrypted. Whereas the decryption problem occurs in case of HELLO_REQUEST scenario from the server. During the hello request the finished packet from both the server and client is decrypted by a wrong key. I had found this by verifying that the Finished Handshake ID of 0x14 not present in the finished message after decrypting.

Hi,

A server hello means the server wants the client to begin the cipher spec negotiation process all over again.

Does the client respond to the Server Hello with a Client Hello ? Does the renego complete successfully ?

Let me check if there are any known problems with this scenario.

Regards,
Vivek Rajan

Yes, the client and server had completed the re-negotiation process successfully. So both had accept their new security parameters,but the unsniff tool doesnt decrypt the SSL traffic after receiving HELLO_REQUEST from the server.