Unplanned
Last Updated: 16 Nov 2020 08:24 by ADMIN
Lei Cheong
Created on: 13 Nov 2020 02:33
Type: Bug Report
0
Exception thrown when accessing devblogs.microsoft.com

This bug occurs in both Fiddler and Fiddler Everywhere so you may want to take a look.

The system I'm running on is Win7x64 with latest patches loaded.

Note that when Fiddler/Fiddler Everywhere is not loaded, I can access this website normally.

====== Message from Fiddler v5.0.20204.45441 for .NET v4.6.1 Built: 2020-11-03 ======
HTTP/1.1 200 Connection Established
FiddlerGateway: Direct
StartTime: 10:19:31.203
Connection: close

fiddler.network.https> HTTPS handshake to devblogs.microsoft.com (for #14) failed. System.Security.Authentication.AuthenticationException 呼叫 SSPI 失敗,請查看內部例外狀況。 < 接收到的訊息超出預期或格式不正確。

Win32 (SChannel) Native Error Code: 0x80090326


====== Message from Fiddler Everywhere 1.2.1 Built: Friday, November 6, 2020 ======
fiddler.network.https> HTTPS handshake to devblogs.microsoft.com (for #17) failed. System.Security.Authentication.AuthenticationException Authentication failed, see inner exception. < 接收到的訊息超出預期或格式不正確。

Win32 (SChannel) Native Error Code: 0x80090326
7 comments
Eric
Posted on: 13 Nov 2020 21:16
devblogs.microsoft.com enables both TLS/1.2 and TLS/1.3, but unfortunately there's no intersection between the ciphers supported by Win7's TLS/1.2 implementation and the (only) three TLS/1.2 ciphers that the server supports.
Lei Cheong
Posted on: 13 Nov 2020 10:17
I can use Chrome here, the problem is just that Fiddler will not be able to process HTTPS request that uses TLS 1.3.
ADMIN
Nick Iliev
Posted on: 13 Nov 2020 10:06

Hi Lei,

 

With the Windows 7 details, the issue is making sense. Still, you could use the latest Microsoft Edge or Chrome to debug similar issues where TSL 1.3 is involved - is that a viable option for your company?

 

Regards,
Nick Iliev
Progress Telerik

Virtual Classroom, the free self-paced technical training that gets you up to speed with Telerik and Kendo UI products quickly just got a fresh new look + new and improved content including a brand new Blazor course! Check it out at https://learn.telerik.com/.

Lei Cheong
Posted on: 13 Nov 2020 09:25
Unfortunately my company is still using Win7 when TLS1.3 support is not backported to SChannel component of Win7, and I think it's not available on any Windows Server version as of now.
ADMIN
Nick Iliev
Posted on: 13 Nov 2020 08:44

Hello Lei,

 

Not sure if the issue is related to TLS 1.3 version as I've tried to reproduce it on my side but to no avail (the Url loads as expected on bot the classic Fiddler and Fiddler Everywhere). Still, you might want to try to explicitly enable TLS 1.3 on Internet Explorer 11 and give this one a new try. Refer to this blog post for details on how to enable TLS 1.3 on IE 11.

 

Regards,
Nick Iliev
Progress Telerik

Virtual Classroom, the free self-paced technical training that gets you up to speed with Telerik and Kendo UI products quickly just got a fresh new look + new and improved content including a brand new Blazor course! Check it out at https://learn.telerik.com/.

Lei Cheong
Posted on: 13 Nov 2020 02:40

Corrrection: I can view the site with Chrome when the Fiddler is not loaded, but cannot when view it under IE11. This suggest it may be a TLS1.3 problem.

That makes this thread's nature change to feature request - Is there any plan to move away from SChannel to other SSL providers?

Lei Cheong
Posted on: 13 Nov 2020 02:35
The Chinese part of error message translates to "Call to SSPI failed, please check inner exception. < The message received was unexpected or badly formatted"