Case 1 involves TLS + client certificate authentication with both client and server using secp384 based EC certificates. In this case, when monitoring traffic via fiddler, the tunneling/handshaking as well as encrypted traffic is completely missing from fiddler (as if nothing is happening). We know there is real traffic by monitoring both client and server individually.
Case 2 involves the same client process, same server process, same server certificate but client certificate authentication is disabled. In this case all the traffic as well as the initial handshake is captured within Fiddler.
Is this a known limitation of Fiddler? If yes, how else can I capture the TLS handshake that happens in Case 1? If not, am I missing a setting inside Fiddler? I have a C:\Users\<username>\My Documents\Fiddler2\ClientCertificate.cer certificate setup too (which basically matches the same PFX in the client cert store).
Also, all three (client, server and fiddler) are running on the same machine within the same user (admin) account. The user account's certificate store has the private key of the certificate too.
PS: Originally posted at http://security.stackexchange.com/questions/72916/can-fiddler-decrypt-https-traffic-when-using-elliptic-curves-client-cert-authe/72923#72923 but it's clear it actually belongs here.
Case 2 involves the same client process, same server process, same server certificate but client certificate authentication is disabled. In this case all the traffic as well as the initial handshake is captured within Fiddler.
Is this a known limitation of Fiddler? If yes, how else can I capture the TLS handshake that happens in Case 1? If not, am I missing a setting inside Fiddler? I have a C:\Users\<username>\My Documents\Fiddler2\ClientCertificate.cer certificate setup too (which basically matches the same PFX in the client cert store).
Also, all three (client, server and fiddler) are running on the same machine within the same user (admin) account. The user account's certificate store has the private key of the certificate too.
PS: Originally posted at http://security.stackexchange.com/questions/72916/can-fiddler-decrypt-https-traffic-when-using-elliptic-curves-client-cert-authe/72923#72923 but it's clear it actually belongs here.