Can I block < TLS 1.2

6 posts, 0 answers
  1. Kevin
    Kevin avatar
    7 posts
    Member since:
    Sep 2015

    Posted 29 Jul Link to this post

    Is it possible for me to block a CONNECT session that is using TLS 1.1 or TLS 1.0?

     

    I see that I can script 

    if (!oSession.HTTPMethodIs("CONNECT")) 

    }

    but I'm not sure what to do to determine TLS version inside the if clause.

  2. Alexander
    Admin
    Alexander avatar
    336 posts

    Posted 30 Jul Link to this post

    Hello,

    Can you elaborate some more on what is your case? Do you need this for test purposes or it is a more of a permanent configuration? I need this information in order to find the right solution for your case, since there is no way for you to check what is the protocol version.

    Regards,
    Alexander
    Progress Telerik
    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Feedback Portal and vote to affect the priority of the items
  3. Kevin
    Kevin avatar
    7 posts
    Member since:
    Sep 2015

    Posted 30 Jul in reply to Alexander Link to this post

    This is purely for test purposes.

     

    Thanks - kevin

  4. Alexander
    Admin
    Alexander avatar
    336 posts

    Posted 01 Aug Link to this post

    Hi,

    The easiest approach for test purposes would be to just configure Fiddler to not accept TLS 1.0 and TLS 1.1 and to accept only TLS 1.2. This can be done from Tools -> Options -> HTTPS -> Protocols and leave only tls1.2. Would this solution suffice your needs?

    Regards,
    Alexander
    Progress Telerik
    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Feedback Portal and vote to affect the priority of the items
  5. Kevin
    Kevin avatar
    7 posts
    Member since:
    Sep 2015

    Posted 02 Aug in reply to Alexander Link to this post

    I tried that before but could not get accurate results through curl.exe. --tlsv1.0 traffic still seemed to be allowed. I'll try it again but just use the browser for my test. Thanks
  6. Alexander
    Admin
    Alexander avatar
    336 posts

    Posted 02 Aug Link to this post

    Hi,

    Do not forget to remove the <client> token too. If the <client> token is present Fidder will offer the protocols the client offered to him in addition to other listed protocols.

    Regards,
    Alexander
    Progress Telerik
    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Feedback Portal and vote to affect the priority of the items
Back to Top