Unplanned
Last Updated: 04 Dec 2020 13:57 by ADMIN
Ahsen
Created on: 30 Jan 2019 21:29
Type: Bug Report
2
HTTPS to HTTPS Handshake To Domain Failed

Hello,

I am getting the following error in Fiddler, and without Capture HTTPS CONNECTs it works. Also, in the Protocols I have enabled: <client>;ssl2;ssl3;tls1.0;tls1.1;tls1.2

fiddler.network.https> HTTPS handshake to <domain> (for #6) failed. System.Security.Authentication.AuthenticationException A call to SSPI failed, see inner exception. < The message received was unexpected or badly formatted

Win32 (SChannel) Native Error Code: 0x80090326

Ashen

[Edited by Telerik Staff to remove personal information and convert to bug report]

4 comments
ADMIN
Lance | Manager Technical Support
Posted on: 04 Dec 2020 13:57

Hello Vladimir,

The reason for the trouble is different than the original problem reported in this report. In your case, it looks like the problem is that classic Fiddler doesn't support the newer versions of TLS (that site only allows 1.2 and 1.3).

Solution

In order to debug traffic for that site, you will need to switch to Fiddler Everywhere. Go here to download it https://www.telerik.com/fiddler 

Further Assistance

If you continue to have trouble afterwards, open a forum post here https://community.getfiddler.com/support/discussions 

Regards,
Lance | Manager Technical Support
Progress Telerik


VLADIMIR
Posted on: 04 Dec 2020 13:46

Hi there - had the same error in Fiddler for the https://inlat.am/ site

upon checking in www.ssllabs.com 

https://www.ssllabs.com/ssltest/analyze.html?d=inlat.am&s=18.159.255.107

I can see that there are ciphers for this site -

Cipher Suites
# TLS 1.3 (suites in server-preferred order)
TLS_AES_256_GCM_SHA384 (0x1302)   ECDH x25519 (eq. 3072 bits RSA)   FS256
TLS_CHACHA20_POLY1305_SHA256 (0x1303)   ECDH x25519 (eq. 3072 bits RSA)   FS256
TLS_AES_128_GCM_SHA256 (0x1301)   ECDH x25519 (eq. 3072 bits RSA)   FS128
# TLS 1.2 (suites in server-preferred order)
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)   ECDH x25519 (eq. 3072 bits RSA)   FS128
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)   ECDH x25519 (eq. 3072 bits RSA)   FS256
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca8)   ECDH x25519 (eq. 3072 bits RSA)   FS

However, capturing with Wireshark shows that Fiddler sends the handshake with

Cipher Suites (24 suites)
    Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028)
    Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027)
    Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)
    Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)
    Cipher Suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x009f)
    Cipher Suite: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x009e)
    Cipher Suite: TLS_RSA_WITH_AES_256_GCM_SHA384 (0x009d)
    Cipher Suite: TLS_RSA_WITH_AES_128_GCM_SHA256 (0x009c)
    Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA256 (0x003d)
    Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA256 (0x003c)
    Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
    Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
    Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (0xc02c)
    Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b)
    Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 (0xc024)
    Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 (0xc023)
    Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a)
    Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009)
    Cipher Suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 (0x006a)
    Cipher Suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 (0x0040)
    Cipher Suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA (0x0038)
    Cipher Suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA (0x0032)
    Cipher Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)
    Cipher Suite: TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA (0x0013)

And we can see that there are no supported ciphers for this site https://inlat.am/ (it's AWS)

so - the question is - how to add an appropriate cipher in Fiddler.

 

Thank you in advance.
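
The comparison made in the post above, as an added example that is not part of the original thread: it parses the `NAME (0xNNNN)` entries that SSL Labs and Wireshark print and checks whether the ClientHello shares any suite with the server. The function names are illustrative, and the client list is reduced to the 24 IDs from the capture.

```python
import re

# Matches "NAME (0xNNNN)" as printed by SSL Labs and Wireshark; the name is optional.
SUITE_RE = re.compile(r"(?:(TLS_\w+)\s*)?\(0x([0-9a-fA-F]{4})\)")

# Server list from the SSL Labs report quoted in the post (server-preferred order).
SERVER_TEXT = """
# TLS 1.3
TLS_AES_256_GCM_SHA384 (0x1302)
TLS_CHACHA20_POLY1305_SHA256 (0x1303)
TLS_AES_128_GCM_SHA256 (0x1301)
# TLS 1.2
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca8)
"""

# The 24 IDs from the Wireshark ClientHello in the post, names dropped for brevity.
CLIENT_TEXT = """
(0xc028) (0xc027) (0xc014) (0xc013) (0x009f) (0x009e) (0x009d) (0x009c)
(0x003d) (0x003c) (0x0035) (0x002f) (0xc02c) (0xc02b) (0xc024) (0xc023)
(0xc00a) (0xc009) (0x006a) (0x0040) (0x0038) (0x0032) (0x000a) (0x0013)
"""

def parse_suites(text):
    """Return [(suite_id, name)] in listed order."""
    return [(int(h, 16), name or "0x" + h.lower())
            for name, h in SUITE_RE.findall(text)]

def negotiate(server_pref, client_offer):
    """Name of the first server-preferred suite the client offers, else None."""
    offered = {sid for sid, _ in client_offer}
    for sid, name in server_pref:
        if sid in offered:
            return name
    return None  # no overlap: the server aborts the handshake

def missing_from_client(server_pref, client_offer):
    """Server suites absent from the ClientHello."""
    offered = {sid for sid, _ in client_offer}
    return [name for sid, name in server_pref if sid not in offered]

if __name__ == "__main__":
    server, client = parse_suites(SERVER_TEXT), parse_suites(CLIENT_TEXT)
    print("negotiated:", negotiate(server, client))
    for name in missing_from_client(server, client):
        print("not offered by client:", name)
```
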

 

Eric
Posted on: 01 Feb 2019 16:12

You should remove both SSL2 and SSL3 from your supported protocols list, as SSL3 is not secure (and generally not used any more) and enabling SSL2 will break modern TLS versions.

Telerik should probably remove mention of SSL2 from the UI and may want to show an explicit warning if a user manually adds it.

ADMIN
Lance | Manager Technical Support
Posted on: 30 Jan 2019 23:22
Hello Ashen,

Thank you for the information. I have converted the priority support ticket for UI for ASP.NET AJAX to a Fiddler Feedback Item and initially marked it as a bug report. I have also added your up-vote to the item.

If you would like to subscribe and be alerted of status changes, please take a moment to use the "Follow" button in the public portal here: https://feedback.telerik.com/fiddler/1385611-https-to-https-handshake-to-domain-failed


Note:
To protect your privacy I've removed the personal information that was in the original post. Note that including personal information is not necessary for future posts as we will use the information associated with your account.

Thank you for your understanding.

Regards,
Lance | Technical Support Engineer, Principal
Progress Telerik