IO Exception unexpected packet format

3 posts, 1 answers
  1. Ian
    Ian avatar
    4 posts
    Member since:
    Apr 2015

    Posted 23 Apr 2015 Link to this post

    Windows 8.1, Fiddler 4.5.0.0

    We have our own https application based on WinINet (not a browser application). This has worked successfully with Fiddler until this week.

    We now get the following error when connecting to the remote server:

    fiddler.network.https> HTTPS handshake to testservices.bacs.co.uk failed. System.IO.IOException The handshake failed due to an unexpected packet format.

    Other info from Fiddler:

    A SSLv3-compatible ClientHello handshake was found. Fiddler extracted the parameters below.

    Version: 3.3 (TLS/1.2)
    Random: 55 39 05 98 AA 32 58 40 77 7C 78 67 B5 4C 56 5F B0 6F A3 8B D6 CD 60 EE AE 4E 2C 24 A0 15 8D A4
    "Time": 27/10/2050 11:26:29
    SessionID: empty
    Extensions:
    renegotiation_info 00
    server_name testservices.bacs.co.uk
    status_request OCSP - Implicit Responder
    elliptic_curves secp256r1 [0x17], secp384r1 [0x18]
    ec_point_formats uncompressed [0x0]
    signature_algs sha256_rsa, sha384_rsa, sha1_rsa, sha256_ecdsa, sha384_ecdsa, sha1_ecdsa, sha1_dsa
    SessionTicket empty
    Ciphers:
    [C028] TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384

    [009F] TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
    [009E] TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
    [009D] TLS_RSA_WITH_AES_256_GCM_SHA384
    [009C] TLS_RSA_WITH_AES_128_GCM_SHA256
    [C02B] TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
    [C023] TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
    [C027] TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
    [C014] TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA
    [C013] TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA
    [003D] TLS_RSA_WITH_AES_256_CBC_SHA256
    [003C] TLS_RSA_WITH_AES_128_CBC_SHA256
    [0035] TLS_RSA_AES_256_SHA
    [002F] TLS_RSA_AES_128_SHA
    [C02C] TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
    [C024] TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
    [C00A] TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
    [C009] TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
    [006A] TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
    [0040] TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
    [0038] TLS_DHE_DSS_WITH_AES_256_SHA
    [0032] TLS_DHE_DSS_WITH_AES_128_SHA
    [000A] SSL_RSA_WITH_3DES_EDE_SHA
    [0013] SSL_DHE_DSS_WITH_3DES_EDE_SHA
    [0005] SSL_RSA_WITH_RC4_128_SHA
    [0004] SSL_RSA_WITH_RC4_128_MD5

    etc....

    The SSL certificate was changed last week at the server end.

    It was SHA1 (worked with Fiddler) and now is SHA#256 (get the error above).

    Is this a configuration problem or something else?

    Our application works OK when Fiddler not running.

     

    Regards

    Ian Patterson

  2. Answer
    Eric Lawrence
    Admin
    Eric Lawrence avatar
    833 posts

    Posted 23 Apr 2015 Link to this post

    Hello, Ian--

    The problem relates to the fact that, when the new certificate was installed, the admin took the opportunity to disable SSL3 and TLS1.0, as you can see here: https://www.ssllabs.com/ssltest/analyze.html?d=testservices.bacs.co.uk

    The consequence of that is that the server is rejecting Fiddler's TLS1.0 handshake.

    Fortunately, this is easily resolved since you're running Win8.1 and Fiddler4.5. Simply click Tools > Fiddler Options > HTTPS. Click the Enabled Protocols link at the right and change the text to, for instance:

      tls1.0;tls1.1;tls1.2

    See http://blogs.telerik.com/fiddler/posts/13-02-11/fiddler-and-modern-tls-versions for further details.

    Regards,
    Eric Lawrence
    Telerik
     

    See What's Next in App Development. Register for TelerikNEXT.

     
  3. Ian
    Ian avatar
    4 posts
    Member since:
    Apr 2015

    Posted 24 Apr 2015 in reply to Eric Lawrence Link to this post

    Eric, many thanks for the quick response. The acceptance of tls1.1 and 1.2 in Fiddler sorted the problem and all now OK.

    Fiddler has saved our bacon many times during the development of our https programs. First class product.

     Regards, Ian.

Back to Top