FiddlerCore Mono not work at Chrome 45 with https request

17 posts, 0 answers
  1. sawachika
    sawachika avatar
    18 posts
    Member since:
    Feb 2015

    Posted 02 Sep 2015 Link to this post

    tell me ERR_SSL_FALLBACK_BEYOND_MINIMUM_VERSION
  2. Eric Lawrence
    Admin
    Eric Lawrence avatar
    833 posts

    Posted 02 Sep 2015 Link to this post

    Are you running on Linux or on Mac?

    Mono appears to support only TLS1.0 and earlier.

    It sounds like you're saying that Chromium is requiring TLS1.1 or later; I wouldn't expect that to be the default, but if it were, this problem would appear.

    Regards,
    Eric Lawrence
    Telerik
    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Feedback Portal and vote to affect the priority of the items
  3. sawachika
    sawachika avatar
    18 posts
    Member since:
    Feb 2015

    Posted 02 Sep 2015 in reply to Eric Lawrence Link to this post

    Yes, Runing on Mac, Chrome 45.

    Is there a plan to update it?​

  4. Eric Lawrence
    Admin
    Eric Lawrence avatar
    833 posts

    Posted 02 Sep 2015 Link to this post

    Just to be clear, do you have this problem in all browsers or just Chrome? Have you changed any settings or preferences to force FiddlerCore to use only SSL3 and not use TLS1? Have you configured Chrome to demand TLS/1.1 or later? By default it should allow TLS/1.0 and thus should work with FiddlerCore.

    The Mono maintainers have written about their plan to modernize their TLS stack here: http://tirania.org/blog/archive/2015/Aug-27.html

    Regards,
    Eric Lawrence
    Telerik
    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Feedback Portal and vote to affect the priority of the items
  5. sawachika
    sawachika avatar
    18 posts
    Member since:
    Feb 2015

    Posted 02 Sep 2015 in reply to Eric Lawrence Link to this post

    Yes, just chrome, I'm not changed oAcceptedClientHTTPSProtocols settings, it's default, and not demand chrome TLS protocols, it's defualt. I know on default, the chrome allow TLS/1.0, but still not work, I try later....
  6. sawachika
    sawachika avatar
    18 posts
    Member since:
    Feb 2015

    Posted 02 Sep 2015 in reply to Eric Lawrence Link to this post

    The FilddlerCore Logs:

    SecureClientPipe (www.xxx.com failed: The authentication or decryption has failed. < Unsupported security protocol type.​

  7. Eric Lawrence
    Admin
    Eric Lawrence avatar
    833 posts

    Posted 03 Sep 2015 Link to this post

    Hello, sawachika--

    Which build of the Mono Framework do you have installed? This appears to be an already fixed bug in Mono, described here: https://bugzilla.xamarin.com/show_bug.cgi?id=6843

    Regards,
    Eric Lawrence
    Telerik
    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Feedback Portal and vote to affect the priority of the items
  8. sawachika
    sawachika avatar
    18 posts
    Member since:
    Feb 2015

    Posted 03 Sep 2015 in reply to Eric Lawrence Link to this post

    Yes, installed, when i run  "/Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --ssl-version-max=tls1" in Terminal , the HTTPS request it's work, I think Chorme use of unsupported protocols for MONO?
  9. Eric Lawrence
    Admin
    Eric Lawrence avatar
    833 posts

    Posted 03 Sep 2015 Link to this post

    The ssl-version-max command line argument tells Chrome not to try using TLS1.1 which prevents it from triggering the bug in Mono.

    The bug in Mono causes incoming connections to fail if they even advertise TLS/1.1. That bug has supposedly been fixed already, which is why I'm interested in what specific build number of Mono you have installed.

    Thanks!
    Eric Lawrence
    Telerik
    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Feedback Portal and vote to affect the priority of the items
  10. sawachika
    sawachika avatar
    18 posts
    Member since:
    Feb 2015

    Posted 03 Sep 2015 in reply to Eric Lawrence Link to this post

    My Mono Framework version is 4.0.3, the problem still , you can try...

     

    osx2tekiMac:~ osx2$ mono --version
    Mono JIT compiler version 4.0.3 ((detached/d6946b4 Wed Jul 29 14:46:23 EDT 2015)
    Copyright (C) 2002-2014 Novell, Inc, Xamarin Inc and Contributors. www.mono-project.com
    TLS:           normal
    SIGSEGV:       altstack
    Notification:  kqueue
    Architecture:  x86
    Disabled:      none
    Misc:          softdebug 
    LLVM:          yes(3.6.0svn-mono-(detached/a173357)
    GC:            sgen

  11. Eric Lawrence
    Admin
    Eric Lawrence avatar
    833 posts

    Posted 04 Sep 2015 Link to this post

    I wasn't able to reproduce this, but hopefully it will be fixed in the Mono 4.2 release which promises many bugfixes; it's in alpha now.

    Regards,
    Eric Lawrence
    Telerik
    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Feedback Portal and vote to affect the priority of the items
  12. sawachika
    sawachika avatar
    18 posts
    Member since:
    Feb 2015

    Posted 04 Sep 2015 in reply to Eric Lawrence Link to this post

    In your Mac ,it's work? what's version is  Mono.Security.dll ?
  13. Eric Lawrence
    Admin
    Eric Lawrence avatar
    833 posts

    Posted 08 Sep 2015 Link to this post

    On my Mac, the WinForms framework is so unstable it's impossible to do anything useful at all with Fiddler. That's the main reason we recommend using Fiddler via a VM, e.g. http://www.telerik.com/blogs/running-fiddler-in-virtualbox-on-mac rather than running directly on OSX.

    Regards,
    Eric Lawrence
    Telerik
    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Feedback Portal and vote to affect the priority of the items
  14. sawachika
    sawachika avatar
    18 posts
    Member since:
    Feb 2015

    Posted 09 Sep 2015 in reply to Eric Lawrence Link to this post

    I use FiddlerCore, update to mono 4.2 , problem still
  15. Eric Lawrence
    Admin
    Eric Lawrence avatar
    833 posts

    Posted 09 Sep 2015 Link to this post

    Your best bet would be to collect a capture with Wireshark and then file a bug on the Mono project.

    Regards,
    Eric Lawrence
    Telerik
    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Feedback Portal and vote to affect the priority of the items
  16. sawachika
    sawachika avatar
    18 posts
    Member since:
    Feb 2015

    Posted 11 Sep 2015 in reply to Eric Lawrence Link to this post

    I think ,the problem lot like firefox tls version ?

    From http://fiddler.wikidot.com/mono tell:

    TLS Version
    If all HTTPS connections to Fiddler fail in Firefox with a "The connection was interrupted" message, you may need to navigate to about:config inside Firefox and edit the security.tls.version.maxpreference. Set it to 1.

     

    mono suppert tls1.0 ,  security.tls.version.max  default value is 3, means firefox suppert tls1.0,1.1.1.2, and when server (fiddlercore)not suppert tls1.2 , can fallback to tls.10 ,why need set security.tls.version.max to 1 ?

     

  17. Eric Lawrence
    Admin
    Eric Lawrence avatar
    833 posts

    Posted 11 Sep 2015 Link to this post

    The recommendation to adjust the Firefox max version was made before the bug in Mono:  https://bugzilla.xamarin.com/show_bug.cgi?id=6843 was fixed. That bug causes TLS connections to fail if the client even offers TLS/1.1 or TLS/1.2.

    Regards,
    Eric Lawrence
    Telerik
    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Feedback Portal and vote to affect the priority of the items
Back to Top