Ok no prize but this has been bothering me for a while and after endless googling and searching I can't figure it out so asking here for some help. Using Fiddler Classic and have this connection that won't work and can't figure out why.. while another almost identical and to same server works! .. so listing both, good one and bad one here and hoping someone can help and let me know what I'm missing.
The name of the party involved has been changed to protect its identity! :-P
Thank you all in advance!
The one that works:
CONNECT xx-xxxx.xxxx.com:443 HTTP/1.1
Host: cn-geo1.uber.com
User-Agent: Xxxxxx/x.xxx.xxxxx CFNetwork/1240.0.4 Darwin/20.6.0
Connection: keep-alive
Connection: keep-alive
A SSLv3-compatible ClientHello handshake was found. Fiddler extracted the parameters below.
Version: 3.3 (TLS/1.2)
Random: D6 98 B2 86 F9 D5 6C 89 44 34 E5 CE 3D 7E DE B8 5E 17 80 09 C8 1B 4A 89 32 E9 76 33 02 B8 13 1D
"Time": 8/11/2041 12:31:18 PM
SessionID: D7 1A 00 00 28 58 81 5E 09 42 2C 7D FF 52 69 45 04 1F 6A 9A F1 AC 7F 1C 8A 4F BB 05 B6 90 1D 07
Extensions:
grease (0xcaca) empty
server_name xx-xxxx.xxxx.com
extended_master_secret empty
renegotiation_info 00
supported_groups grease [0xdada], x25519 [0x1d], secp256r1 [0x17], secp384r1 [0x18], secp521r1 [0x19]
ec_point_formats uncompressed [0x0]
ALPN http/1.1
status_request OCSP - Implicit Responder
signature_algs ecdsa_secp256r1_sha256, rsa_pss_rsae_sha256, rsa_pkcs1_sha256, ecdsa_secp384r1_sha384, ecdsa_sha1, rsa_pss_rsae_sha384, rsa_pss_rsae_sha384, rsa_pkcs1_sha384, rsa_pss_rsae_sha512, rsa_pkcs1_sha512, rsa_pkcs1_sha1
SignedCertTimestamp (RFC6962) empty
key_share 00 29 DA DA 00 01 00 00 1D 00 20 FB 83 F0 42 95 E5 7A A0 20 36 5D 34 31 B9 CF D2 F1 1C 6C D7 E4 4A 32 0E 4B 33 96 4C 90 4C 91 12
psk_key_exchange_modes 01 01
supported_versions grease [0xa0a], Tls1.3, Tls1.2
grease (0x6a6a) 00
padding 210 null bytes
Ciphers:
[5A5A] Unrecognized cipher - See https://www.iana.org/assignments/tls-parameters/
[1301] TLS_AES_128_GCM_SHA256
[1302] TLS_AES_256_GCM_SHA384
[1303] TLS_CHACHA20_POLY1305_SHA256
[C02C] TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
[C02B] TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
[CCA9] TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
[C030] TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
[C02F] TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
[CCA8] TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
[C024] TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
[C023] TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
[C00A] TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
[C009] TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
[C028] TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
[C027] TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
[C014] TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
[C013] TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
Compression:
[00] NO_COMPRESSION
HTTP/1.1 200 Connection Established
FiddlerGateway: Direct
StartTime: 17:35:47.943
Connection: close
Encrypted HTTPS traffic flows through this CONNECT tunnel. HTTPS Decryption is enabled in Fiddler, so decrypted sessions running in this tunnel will be shown in the Web Sessions list.
Secure Protocol: Tls12
Cipher: Aes128 128bits
Hash Algorithm: Sha256 ?bits
Key Exchange: ECDHE_RSA (0xae06) 255bits
== Server Certificate ==========
[Subject]
CN=*.xxxx.com, O="Xxxx Xxxxxxxxxxxx, Inc.", L=San Francisco, S=California, C=US
[Issuer]
CN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US
[Serial Number]
04B114FE39AFD58E244CD867F6289C33
[Not Before]
9/29/2022 8:00:00 PM
[Not After]
10/3/2023 7:59:59 PM
[Thumbprint]
A3973CE541FA00B8ABFAF00A7A656566D9C8B85E
[SubjectAltNames]
*.xxxx.com, xxxx.com
The one that does NOT work:
CONNECT xx-xxxx.xxxx.com:443 HTTP/1.1
Host: cn-geo1.uber.com
User-Agent: com.apple.WebKit.Networking/8611.4.1.0.3 CFNetwork/1240.0.4 Darwin/20.6.0
Connection: keep-alive
Connection: keep-alive
A SSLv3-compatible ClientHello handshake was found. Fiddler extracted the parameters below.
Version: 3.3 (TLS/1.2)
Random: 14 C3 70 A0 97 D7 EE 8D 7E 4D 55 83 5B 7E 11 78 B4 0D 5A 05 A7 CA FF 72 E7 6F D3 FE 84 80 57 67
"Time": 4/19/2055 6:48:52 AM
SessionID: 94 40 2D 65 53 37 B5 35 DB 44 9C 7C 02 08 6E CF D3 D2 96 F1 5F 2F 8D F6 16 E3 00 69 28 89 F1 1A
Extensions:
grease (0xbaba) empty
server_name xx-xxxx.xxxx.com
extended_master_secret empty
renegotiation_info 00
supported_groups grease [0x2a2a], x25519 [0x1d], secp256r1 [0x17], secp384r1 [0x18], secp521r1 [0x19]
ec_point_formats uncompressed [0x0]
ALPN h2, http/1.1
status_request OCSP - Implicit Responder
signature_algs ecdsa_secp256r1_sha256, rsa_pss_rsae_sha256, rsa_pkcs1_sha256, ecdsa_secp384r1_sha384, ecdsa_sha1, rsa_pss_rsae_sha384, rsa_pss_rsae_sha384, rsa_pkcs1_sha384, rsa_pss_rsae_sha512, rsa_pkcs1_sha512, rsa_pkcs1_sha1
SignedCertTimestamp (RFC6962) empty
key_share 00 29 2A 2A 00 01 00 00 1D 00 20 D5 A3 35 60 CC 62 00 38 0B DD F3 4E FC 27 42 B6 5C 0B 4A CA 6B 98 5A 0D 4C 64 A9 8E 38 74 A9 0A
psk_key_exchange_modes 01 01
supported_versions grease [0x3a3a], Tls1.3, Tls1.2
grease (0x4a4a) 00
padding 207 null bytes
Ciphers:
[6A6A] Unrecognized cipher - See https://www.iana.org/assignments/tls-parameters/
[1301] TLS_AES_128_GCM_SHA256
[1302] TLS_AES_256_GCM_SHA384
[1303] TLS_CHACHA20_POLY1305_SHA256
[C02C] TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
[C02B] TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
[CCA9] TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
[C030] TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
[C02F] TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
[CCA8] TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
[C024] TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
[C023] TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
[C00A] TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
[C009] TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
[C028] TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
[C027] TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
[C014] TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
[C013] TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
Compression:
[00] NO_COMPRESSION
HTTP/1.1 200 Connection Established
FiddlerGateway: Direct
StartTime: 17:36:31.802
Connection: close
Hi Carlos, I recommend posting this question on one of these options for a timely response:
Hi Ryuu,
Yes, you're getting caught by the spam filter for attempting to open multiple posts with the same (slightly reworded) content.
My recommendation is still the same, you will want to post in those resources I linked to above. Fiddler Classic is not a heavily visited forum and you probably won't get any replies from the community in the timeframe you're hoping for.
For your convenience, here are those links again:
Technical Support Note: If this is a business-critical implementation and you would like professional support for Fiddler Classic, you can contract with our Outsourcing Services partners for some 1:1 help => https://www.progress.com/services/outsourcing.