Errors Attempting to Access Website through Fiddler

6 posts, 0 answers
  1. Matthew
    Matthew avatar
    3 posts
    Member since:
    Nov 2017

    Posted 29 Nov 2017 Link to this post

    I have attempted to figure out this problem but cannot determine what the root cause is. Basically, I am receiving a "ReadResponse()failed: The server did not return a complete response for this request. Server returned 0 bytes." message when I perform a basic GET. In the log it shows "fiddler.network.readresponse.failure> Session #9853 raised exception System.IO.IOException The read operation failed, see inner exception. < A call to SSPI failed, see inner exception"

    This only started occurring after I updated the Cipher Suites which are supported on the web server. Below are the Cipher Suites that work and the ones that don't. It seems that Fiddler needs a DES option to be available for some reason but even when I remove just one of the ciphers that use DES, the failure occurs.

    Working Cipher Suite:

    ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS

    Non-Working Cipher Suite:

    ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:!DSS

     

    On the web server, I see an error that states "Re-negotiation handshake failed: Not accepted by client!?". I can access the site fine through a web browser and using the first set of cipher suites but cannot with the second. Do you have any idea why removing just one of the DES suites causes this issue? 

  2. Alexander
    Admin
    Alexander avatar
    336 posts

    Posted 07 Dec 2017 Link to this post

    Hello,

    Which cryptographic protocols does your web server support? Also which protocols is Fiddler using (this can be found by going to Tools -> Options -> HTTPS -> Protocols)?

    Regards,
    Alexander
    Progress Telerik
    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Feedback Portal and vote to affect the priority of the items
  3. Matthew
    Matthew avatar
    3 posts
    Member since:
    Nov 2017

    Posted 07 Dec 2017 in reply to Alexander Link to this post

    The web server supports TLS 1.1 and TLS 1.2. Fiddler is set to use SSL3, TSL 1.0, TLS 1.1 and TLS 1.2.
  4. Alexander
    Admin
    Alexander avatar
    336 posts

    Posted 15 Dec 2017 Link to this post

    Hi,

    Do you get the same result if you create and send the GET using the Composer?

    Regards,
    Alexander
    Progress Telerik
    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Feedback Portal and vote to affect the priority of the items
  5. Matthew
    Matthew avatar
    3 posts
    Member since:
    Nov 2017

    Posted 15 Dec 2017 in reply to Alexander Link to this post

    We are using the composer to send the GET request. The only difference between it working and not working is the presence of DES ciphers in the web server virtual host configuration. If they are in the cipher suite list then it works and if I remove 1 or more of them it no longer works.
  6. Alexander
    Admin
    Alexander avatar
    336 posts

    Posted 03 Jan Link to this post

    Hi,

    Please, excuse us for the delay in our answer.

    Would it be possible that you try running Fiddler on different machine and check if the problem persists? It may be machine-specific problem and by doing that we will eliminate this option.

    Normally, Fiddler does not need DES option in order to work, so in this case the problem may be elsewhere, this is just triggering it. Is the problem reproducible with sample server or is it with your web server? If it is reproducible, would it be possible to provide us with the sample server so we could proceed with debugging it? Rather unfortunately, this seems to be the only way of finding the cause of this problem.

    Regards,
    Alexander
    Progress Telerik
    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Feedback Portal and vote to affect the priority of the items
Back to Top