Can not beat HTTPS with Java client

3 posts, 0 answers
  1. Pavel
    Pavel avatar
    1 posts
    Member since:
    May 2011

    Posted 28 Feb 2017 Link to this post

    I'm trying to use Fiddler v4.6.20171.7553 with Java app bundled with its own jvm/jre 1.7.0_80

    I've exported certificate of Fiddler to desktop and using keytool added certificate to its keystore:

    keytool -import -keystore cacerts -file FiddlerRoot.cer -alias fiddler

    keytool reported that certificate successfully imported, what I've checked with command:

    keytool -list -v -keystore cacerts -alias fiddler

    I've also installed certificates to Windows both to local and user space for sure.

    Server I'm trying to connect is configured to use TLS1.0;TLS1.1;TLS1.2 protocols, so that what I set in Fiddler options for HTTPS protocols. I've also tried to add <client> and using different combinations of different protocols, but it didn't help.

    Resetting of certificates, or deleting Interception certificates and adding again doesn't help.

    I always get error:

    !SecureClientPipeDirect failed: System.Security.Authentication.AuthenticationException A call to SSPI failed, see inner exception. < An unknown error occurred while processing the certificate on pipe (, O=DO_NOT_TRUST, OU=Created by

    On the app side I have error: PKIX path building failed: unable to find valid certification path to requested target

    OS details: 64-bit AMD64, VM: 56,0mb, WS: 94,0mb .NET 4.6.2 WinNT 10.0.10240.0

    Request headers:

    User-Agent: Java/1.7.0_80
    Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2

    A SSLv3-compatible ClientHello handshake was found. Fiddler extracted the parameters below.

    Version: 3.1 (TLS/1.0)
    Random: some random
    "Time": 07.06.2015 3:37:44
    SessionID: empty
        elliptic_curves    secp256r1 [0x17], sect163k1 [0x1], sect163r2 [0x3], secp192r1 [0x13], secp224r1 [0x15], sect233k1 [0x6], sect233r1 [0x7], sect283k1 [0x9], sect283r1 [0xA], secp384r1 [0x18], sect409k1 [0xB], sect409r1 [0xC], secp521r1 [0x19], sect571k1 [0xD], sect571r1 [0xE], secp160k1 [0xF], secp160r1 [0x10], secp160r2 [0x11], sect163r1 [0x2], secp192k1 [0x12], sect193r1 [0x4], sect193r2 [0x5], secp224k1 [0x14], sect239k1 [0x8], secp256k1 [0x16]
        ec_point_formats    uncompressed [0x0]
        [C014]    TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA
        [0035]    TLS_RSA_AES_256_SHA
        [C005]    TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
        [C00F]    TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
        [0039]    TLS_DHE_RSA_WITH_AES_256_SHA
        [0038]    TLS_DHE_DSS_WITH_AES_256_SHA
        [C009]    TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
        [C013]    TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA
        [002F]    TLS_RSA_AES_128_SHA
        [C004]    TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
        [C00E]    TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
        [0033]    TLS_DHE_RSA_WITH_AES_128_SHA
        [0032]    TLS_DHE_DSS_WITH_AES_128_SHA
        [000A]    SSL_RSA_WITH_3DES_EDE_SHA
        [0016]    SSL_DHE_RSA_WITH_3DES_EDE_SHA
        [0013]    SSL_DHE_DSS_WITH_3DES_EDE_SHA
        [C007]    TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
        [C011]    TLS_ECDHE_RSA_WITH_RC4_128_SHA
        [0005]    SSL_RSA_WITH_RC4_128_SHA
        [C002]    TLS_ECDH_ECDSA_WITH_RC4_128_SHA
        [C00C]    TLS_ECDH_RSA_WITH_RC4_128_SHA
        [0004]    SSL_RSA_WITH_RC4_128_MD5

        [00]    NO_COMPRESSION

  2. Filip
    Filip avatar
    1 posts
    Member since:
    Apr 2019

    Posted 05 Apr Link to this post

    Finally I found someone with the same error as me, unfortunately without solution...
  3. Simeon
    Simeon avatar
    216 posts

    Posted 09 Apr Link to this post

    Hello Filip and Pavel,

    Could you, please, update to the latest version of Fiddler and reset your Fiddler root CA certificate. Try again and if this does not help, you could try using the Fiddler's CertMaker add-on

    Progress Telerik
    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Feedback Portal and vote to affect the priority of the items
Back to Top