Under Review
Last Updated: 08 May 2018 05:00 by Leslie
Leslie
Created on: 21 Feb 2018 05:59
Type: Feature Request
3
SSL troubleshooting
I am testing against an HTTPS intranet server that Fiddler is unable to proxy to. I set the Protocols to <client>;tls1.2 and that did not work. I changed back to tls 1.0.

I restarted Fiddler with this as the Protocols list:

<client>;tls1.0

Wireshark shows Fiddler is still sending a Client Hello with TLS 1.2!

Please add additional logging / troubleshooting.

Current log:

14:23:17:3284 Assembly 'C:\Users\xxxx\AppData\Local\Programs\Fiddler\CertMaker.dll' was not found. Using default Certificate Generator.
14:23:17:3349 /Fiddler.CertMaker> Using .‰+˜ for certificate generation; UseWildcards=True.

14:23:17:4280 fiddler.network.https> HTTPS handshake to xxxxx.xxxxx.com (for #7) failed. System.Security.Authentication.AuthenticationException A call to SSPI failed, see inner exception. < The message received was unexpected or badly formatted
Win32 (SChannel) Native Error Code: 0x80090326
3 comments
Leslie
Posted on: 08 May 2018 05:00
More woes with this. Try doing a GET by entering this in the browser (I was using Edge on Windows 10 here)

https://login.microsoftonline.com/sdfdsfdsf

This will return a 404 NOT FOUND if Fiddler is not enabled.

It will block and eventually return a Proxy error if you enable Fiddler - regardless of what is in the Protocols list, and even if I whitelist the domain in "skip decryption"
Eric
Posted on: 22 Feb 2018 06:00
If you use <client>;tls1.0, this means that Fiddler will use whatever protocols your client offers, as well as TLS/1.0. In the event that there is no client (e.g. you're using the Composer), only TLS/1.0 should be offered: https://www.telerik.com/blogs/fiddler-and-modern-tls-versions
Leslie
Posted on: 21 Feb 2018 06:00
I changed from to

<client>; ssl3;tls1.1

ssl3;tls1.0

And now it WORKS.

In this configuration Fiddler is sending a Client Hello

Version TLS 1.0 (0x0301)

Handshake Protocol: Client Hello

Version TLS 1.2 (0x0303)

This works.

Please add logging so it shows what exactly Fiddler is sending on the handshake. Evidently the user input for the HTTPS Protocols is a bit buggy / finicky.

Please document what <client> does as well.
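
Added example, not part of the thread and not Fiddler code: the two "Version" lines quoted from Wireshark above are separate fields of one Client Hello, the record-layer version and the handshake client_version, and this sketch reads both from a captured record. The function names and the sample bytes are constructed for illustration.

```python
import struct

# Wire values of the protocol versions named in the thread.
VERSIONS = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2"}

def name(v: int) -> str:
    return VERSIONS.get(v, "unknown") + f" (0x{v:04x})"

def parse_client_hello(data: bytes) -> dict:
    """Read both version fields and the cipher suite count of a one-record ClientHello."""
    try:
        ctype, rec_ver, rec_len = struct.unpack("!BHH", data[:5])   # record header
        body = data[5:5 + rec_len]
        if ctype != 0x16 or len(body) != rec_len or body[0] != 0x01:
            raise ValueError("not a complete ClientHello handshake record")
        (hello_ver,) = struct.unpack("!H", body[4:6])   # follows 4-byte handshake header
        pos = 4 + 2 + 32                # handshake header, client_version, random
        pos += 1 + body[pos]            # skip session_id (1-byte length prefix)
        (suite_bytes,) = struct.unpack("!H", body[pos:pos + 2])
    except (struct.error, IndexError) as exc:
        raise ValueError("truncated ClientHello") from exc
    return {
        "record_version": name(rec_ver),    # outer "Version" line in Wireshark
        "client_version": name(hello_ver),  # highest version the client offers
        "cipher_suites": suite_bytes // 2,  # each suite is two bytes
    }

def sample_client_hello() -> bytes:
    """Constructed sample: record version TLS 1.0, client_version TLS 1.2."""
    body = struct.pack("!H", 0x0303) + bytes(32)               # client_version, random
    body += b"\x00"                                            # empty session_id
    body += struct.pack("!H", 4) + bytes.fromhex("c02f002f")   # two cipher suites
    body += b"\x01\x00"                                        # null compression only
    hs = b"\x01" + len(body).to_bytes(3, "big") + body         # handshake type 1
    return struct.pack("!BHH", 0x16, 0x0301, len(hs)) + hs

if __name__ == "__main__":
    for field, value in parse_client_hello(sample_client_hello()).items():
        print(f"{field}: {value}")
```

When comparing a capture against the Protocols setting, client_version is the field that states the highest version offered; a TLS 1.0 record-layer version on the same Client Hello does not by itself mean only TLS 1.0 was offered.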