This is a migrated thread and some comments may be shown as answers.

Can not beat HTTPS with Java client

2 Answers 243 Views
Windows
This is a migrated thread and some comments may be shown as answers.
Pavel
Top achievements
Rank 1
Pavel asked on 28 Feb 2017, 05:16 PM

I'm trying to use Fiddler v4.6.20171.7553 with Java app bundled with its own jvm/jre 1.7.0_80

I've exported certificate of Fiddler to desktop and using keytool added certificate to its keystore:

keytool -import -keystore cacerts -file FiddlerRoot.cer -alias fiddler

keytool reported that certificate successfully imported, what I've checked with command:

keytool -list -v -keystore cacerts -alias fiddler

I've also installed certificates to Windows both to local and user space for sure.

Server I'm trying to connect is configured to use TLS1.0;TLS1.1;TLS1.2 protocols, so that what I set in Fiddler options for HTTPS protocols. I've also tried to add <client> and using different combinations of different protocols, but it didn't help.

Resetting of certificates, or deleting Interception certificates and adding again doesn't help.

I always get error:

!SecureClientPipeDirect failed: System.Security.Authentication.AuthenticationException A call to SSPI failed, see inner exception. < An unknown error occurred while processing the certificate on pipe (CN=target.website, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.com).

On the app side I have error:

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

OS details: 64-bit AMD64, VM: 56,0mb, WS: 94,0mb .NET 4.6.2 WinNT 10.0.10240.0

Request headers:

CONNECT target.website:443 HTTP/1.1
User-Agent: Java/1.7.0_80
Host: target.website
Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2

A SSLv3-compatible ClientHello handshake was found. Fiddler extracted the parameters below.

Version: 3.1 (TLS/1.0)
Random: some random
"Time": 07.06.2015 3:37:44
SessionID: empty
Extensions:
    elliptic_curves    secp256r1 [0x17], sect163k1 [0x1], sect163r2 [0x3], secp192r1 [0x13], secp224r1 [0x15], sect233k1 [0x6], sect233r1 [0x7], sect283k1 [0x9], sect283r1 [0xA], secp384r1 [0x18], sect409k1 [0xB], sect409r1 [0xC], secp521r1 [0x19], sect571k1 [0xD], sect571r1 [0xE], secp160k1 [0xF], secp160r1 [0x10], secp160r2 [0x11], sect163r1 [0x2], secp192k1 [0x12], sect193r1 [0x4], sect193r2 [0x5], secp224k1 [0x14], sect239k1 [0x8], secp256k1 [0x16]
    ec_point_formats    uncompressed [0x0]
    server_name    target.website
Ciphers:
    [C00A]    TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
    [C014]    TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA
    [0035]    TLS_RSA_AES_256_SHA
    [C005]    TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
    [C00F]    TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
    [0039]    TLS_DHE_RSA_WITH_AES_256_SHA
    [0038]    TLS_DHE_DSS_WITH_AES_256_SHA
    [C009]    TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
    [C013]    TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA
    [002F]    TLS_RSA_AES_128_SHA
    [C004]    TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
    [C00E]    TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
    [0033]    TLS_DHE_RSA_WITH_AES_128_SHA
    [0032]    TLS_DHE_DSS_WITH_AES_128_SHA
    [C008]    TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
    [C012]    TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
    [000A]    SSL_RSA_WITH_3DES_EDE_SHA
    [C003]    TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
    [C00D]    TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
    [0016]    SSL_DHE_RSA_WITH_3DES_EDE_SHA
    [0013]    SSL_DHE_DSS_WITH_3DES_EDE_SHA
    [C007]    TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
    [C011]    TLS_ECDHE_RSA_WITH_RC4_128_SHA
    [0005]    SSL_RSA_WITH_RC4_128_SHA
    [C002]    TLS_ECDH_ECDSA_WITH_RC4_128_SHA
    [C00C]    TLS_ECDH_RSA_WITH_RC4_128_SHA
    [0004]    SSL_RSA_WITH_RC4_128_MD5
    [00FF]    TLS_EMPTY_RENEGOTIATION_INFO_SCSV

Compression:
    [00]    NO_COMPRESSION


2 Answers, 1 is accepted

Sort by
0
Filip
Top achievements
Rank 1
answered on 05 Apr 2019, 08:02 AM
Finally I found someone with the same error as me, unfortunately without solution...
0
Simeon
Telerik team
answered on 09 Apr 2019, 02:18 PM
Hello Filip and Pavel,

Could you, please, update to the latest version of Fiddler and reset your Fiddler root CA certificate. Try again and if this does not help, you could try using the Fiddler's CertMaker add-on

Regards,
Simeon
Progress Telerik
Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Feedback Portal and vote to affect the priority of the items
Tags
Windows
Asked by
Pavel
Top achievements
Rank 1
Answers by
Filip
Top achievements
Rank 1
Simeon
Telerik team
Share this question
or