Working backwards, thinkclassic replies with a fatal handshake failure (558)

00000   15-03-00 00 02 02 28   

to Classilla trying to negotiate SSLv3 (557)

00000   16-03-00 00 53 01 00 00  4f 03 00 00 00 02 6e e8    ....S...O.....n.
00010   62 46 ad 32 8d a7 17 df  0c 27 bc 65 f9 5b e1 7f    bF.2.....'.e.[..
00020   4b 61 82 a9 c2 20 d2 ea  c6 42 62 00 00 28 00 39    Ka... ...Bb..(.9
00030   00 38 00 35 00 33 00 32  00 04 00 05 00 2f 00 16    .8.5.3.2...../..
00040   00 13 fe ff 00 0a 00 15  00 12 fe fe 00 09 00 64    ...............d
00050   00 62 00 03 00 06 01 00                             .b......

At 540 we have a normal application data packet in TLSv1 to TC:

00000   17 03 01 01 e0 ...
001e0   ec 99 84 39 ee

But at 541 Classilla throws a nonsense alert:

00000   15 03 01 00 20 bc 80 b4  b8 fb d7 1f 74 c3 b6 6f    .... .......t..o
00010   77 b8 7f e3 3b 63 c9 c7  54 bf de e5 14 a4 79 a9    w...;c..T.....y.
00020   fe 71 25 ac 6c                                      .q%.l

This looks like it was data from before.
From 542 to 549 are just keep-alive nulls.

At 550 there is a weird packet with no SOCKS payload.
At 551 there is a two byte null reply.
552-554 keep alive nulls.

At 555 Classilla sends
00000   05 01 00 01 c6 b2 88 32  01 bb                      .......2..

TC replies with (556)
00000   05 00 00 01 42 a6 7a a3  9e 7d                      ....B.z..}

Classilla renegotiates.