This is a migrated thread and some comments may be shown as answers.

Fiddler HTTPS Debug: SSL Protocols, Ciphers & Digests

1 Answer 1269 Views
FiddlerCore
This is a migrated thread and some comments may be shown as answers.
Vinod Kumar
Top achievements
Rank 1
Vinod Kumar asked on 20 Jan 2015, 03:12 PM
I was curious on the SSL settings utilized by Fiddler when https debugging is enabled. Is it limited by the Operating System on SSL protocols (SSL vs TLS versions), Ciphers and digest algorithm? Is there an order of preference for each criterion, starting with lets say the highest (something like TLS 1.2+GCM/AES 256 bit+SHA384) ?

1 Answer, 1 is accepted

Sort by
0
Eric Lawrence
Telerik team
answered on 20 Jan 2015, 04:22 PM
Hello, Vinod--

Fiddler relies upon the .NET Framework's SslStream behavior, which in turn is a wrapper around the Windows SChannel component. There's no way in Fiddler itself to change cipher availability or order, other than to control which SSL/TLS versions are available: http://blogs.telerik.com/fiddler/posts/13-02-11/fiddler-and-modern-tls-versions

I expect that if you change the SChannel registry keys to configure Windows' overall HTTPS behaviors, those changes would also impact .NET and thus Fiddler.

Regards,
Eric Lawrence
Telerik
 

Check out the Telerik Platform - the only platform that combines a rich set of UI tools with powerful cloud services to develop web, hybrid and native mobile apps.

 
Tags
FiddlerCore
Asked by
Vinod Kumar
Top achievements
Rank 1
Answers by
Eric Lawrence
Telerik team
Share this question
or