Vinod Kumar
Top achievements
Rank 1
Rank 1
Vinod Kumar
asked on 20 Jan 2015, 03:12 PM
I was curious on the SSL settings utilized by Fiddler when https debugging is enabled. Is it limited by the Operating System on SSL protocols (SSL vs TLS versions), Ciphers and digest algorithm? Is there an order of preference for each criterion, starting with lets say the highest (something like TLS 1.2+GCM/AES 256 bit+SHA384) ?
1 Answer, 1 is accepted
0
Hello, Vinod--
Fiddler relies upon the .NET Framework's SslStream behavior, which in turn is a wrapper around the Windows SChannel component. There's no way in Fiddler itself to change cipher availability or order, other than to control which SSL/TLS versions are available: http://blogs.telerik.com/fiddler/posts/13-02-11/fiddler-and-modern-tls-versions
I expect that if you change the SChannel registry keys to configure Windows' overall HTTPS behaviors, those changes would also impact .NET and thus Fiddler.
Regards,
Eric Lawrence
Telerik
Fiddler relies upon the .NET Framework's SslStream behavior, which in turn is a wrapper around the Windows SChannel component. There's no way in Fiddler itself to change cipher availability or order, other than to control which SSL/TLS versions are available: http://blogs.telerik.com/fiddler/posts/13-02-11/fiddler-and-modern-tls-versions
I expect that if you change the SChannel registry keys to configure Windows' overall HTTPS behaviors, those changes would also impact .NET and thus Fiddler.
Regards,
Eric Lawrence
Telerik
Check out the Telerik Platform - the only platform that combines a rich set of UI tools with powerful cloud services to develop web, hybrid and native mobile apps.