This is a migrated thread and some comments may be shown as answers.

FiddlerCore Mono not work at Chrome 45 with https request

16 Answers 172 Views
FiddlerCore
This is a migrated thread and some comments may be shown as answers.
sawachika
Top achievements
Rank 1
sawachika asked on 02 Sep 2015, 01:00 PM
tell me ERR_SSL_FALLBACK_BEYOND_MINIMUM_VERSION

16 Answers, 1 is accepted

Sort by
0
Eric Lawrence
Telerik team
answered on 02 Sep 2015, 01:59 PM
Are you running on Linux or on Mac?

Mono appears to support only TLS1.0 and earlier.

It sounds like you're saying that Chromium is requiring TLS1.1 or later; I wouldn't expect that to be the default, but if it were, this problem would appear.

Regards,
Eric Lawrence
Telerik
Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Feedback Portal and vote to affect the priority of the items
0
sawachika
Top achievements
Rank 1
answered on 02 Sep 2015, 03:20 PM

Yes, Runing on Mac, Chrome 45.

Is there a plan to update it?​

0
Eric Lawrence
Telerik team
answered on 03 Sep 2015, 01:39 AM
Just to be clear, do you have this problem in all browsers or just Chrome? Have you changed any settings or preferences to force FiddlerCore to use only SSL3 and not use TLS1? Have you configured Chrome to demand TLS/1.1 or later? By default it should allow TLS/1.0 and thus should work with FiddlerCore.

The Mono maintainers have written about their plan to modernize their TLS stack here: http://tirania.org/blog/archive/2015/Aug-27.html

Regards,
Eric Lawrence
Telerik
Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Feedback Portal and vote to affect the priority of the items
0
sawachika
Top achievements
Rank 1
answered on 03 Sep 2015, 03:10 AM
Yes, just chrome, I'm not changed oAcceptedClientHTTPSProtocols settings, it's default, and not demand chrome TLS protocols, it's defualt. I know on default, the chrome allow TLS/1.0, but still not work, I try later....
0
sawachika
Top achievements
Rank 1
answered on 03 Sep 2015, 04:15 AM

The FilddlerCore Logs:

SecureClientPipe (www.xxx.com failed: The authentication or decryption has failed. < Unsupported security protocol type.​

0
Eric Lawrence
Telerik team
answered on 03 Sep 2015, 02:59 PM
Hello, sawachika--

Which build of the Mono Framework do you have installed? This appears to be an already fixed bug in Mono, described here: https://bugzilla.xamarin.com/show_bug.cgi?id=6843

Regards,
Eric Lawrence
Telerik
Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Feedback Portal and vote to affect the priority of the items
0
sawachika
Top achievements
Rank 1
answered on 03 Sep 2015, 03:31 PM
Yes, installed, when i run  "/Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --ssl-version-max=tls1" in Terminal , the HTTPS request it's work, I think Chorme use of unsupported protocols for MONO?
0
Eric Lawrence
Telerik team
answered on 03 Sep 2015, 05:20 PM
The ssl-version-max command line argument tells Chrome not to try using TLS1.1 which prevents it from triggering the bug in Mono.

The bug in Mono causes incoming connections to fail if they even advertise TLS/1.1. That bug has supposedly been fixed already, which is why I'm interested in what specific build number of Mono you have installed.

Thanks!
Eric Lawrence
Telerik
Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Feedback Portal and vote to affect the priority of the items
0
sawachika
Top achievements
Rank 1
answered on 04 Sep 2015, 04:38 AM

My Mono Framework version is 4.0.3, the problem still , you can try...

 

osx2tekiMac:~ osx2$ mono --version
Mono JIT compiler version 4.0.3 ((detached/d6946b4 Wed Jul 29 14:46:23 EDT 2015)
Copyright (C) 2002-2014 Novell, Inc, Xamarin Inc and Contributors. www.mono-project.com
TLS:           normal
SIGSEGV:       altstack
Notification:  kqueue
Architecture:  x86
Disabled:      none
Misc:          softdebug 
LLVM:          yes(3.6.0svn-mono-(detached/a173357)
GC:            sgen

0
Eric Lawrence
Telerik team
answered on 04 Sep 2015, 08:50 PM
I wasn't able to reproduce this, but hopefully it will be fixed in the Mono 4.2 release which promises many bugfixes; it's in alpha now.

Regards,
Eric Lawrence
Telerik
Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Feedback Portal and vote to affect the priority of the items
0
sawachika
Top achievements
Rank 1
answered on 05 Sep 2015, 04:55 AM
In your Mac ,it's work? what's version is  Mono.Security.dll ?
0
Eric Lawrence
Telerik team
answered on 08 Sep 2015, 09:25 PM
On my Mac, the WinForms framework is so unstable it's impossible to do anything useful at all with Fiddler. That's the main reason we recommend using Fiddler via a VM, e.g. http://www.telerik.com/blogs/running-fiddler-in-virtualbox-on-mac rather than running directly on OSX.

Regards,
Eric Lawrence
Telerik
Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Feedback Portal and vote to affect the priority of the items
0
sawachika
Top achievements
Rank 1
answered on 09 Sep 2015, 12:45 PM
I use FiddlerCore, update to mono 4.2 , problem still
0
Eric Lawrence
Telerik team
answered on 09 Sep 2015, 07:05 PM
Your best bet would be to collect a capture with Wireshark and then file a bug on the Mono project.

Regards,
Eric Lawrence
Telerik
Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Feedback Portal and vote to affect the priority of the items
0
sawachika
Top achievements
Rank 1
answered on 11 Sep 2015, 09:03 AM

I think ,the problem lot like firefox tls version ?

From http://fiddler.wikidot.com/mono tell:

TLS Version
If all HTTPS connections to Fiddler fail in Firefox with a "The connection was interrupted" message, you may need to navigate to about:config inside Firefox and edit the security.tls.version.maxpreference. Set it to 1.

 

mono suppert tls1.0 ,  security.tls.version.max  default value is 3, means firefox suppert tls1.0,1.1.1.2, and when server (fiddlercore)not suppert tls1.2 , can fallback to tls.10 ,why need set security.tls.version.max to 1 ?

 

0
Eric Lawrence
Telerik team
answered on 11 Sep 2015, 05:59 PM
The recommendation to adjust the Firefox max version was made before the bug in Mono:  https://bugzilla.xamarin.com/show_bug.cgi?id=6843 was fixed. That bug causes TLS connections to fail if the client even offers TLS/1.1 or TLS/1.2.

Regards,
Eric Lawrence
Telerik
Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Feedback Portal and vote to affect the priority of the items
Tags
FiddlerCore
Asked by
sawachika
Top achievements
Rank 1
Answers by
Eric Lawrence
Telerik team
sawachika
Top achievements
Rank 1
Share this question
or