Windows 8.1, Fiddler 4.5.0.0
We have our own https application based on WinINet (not a browser application). This has worked successfully with Fiddler until this week.
We now get the following error when connecting to the remote server:
fiddler.network.https> HTTPS handshake to testservices.bacs.co.uk failed. System.IO.IOException The handshake failed due to an unexpected packet format.
Other info from Fiddler:
A SSLv3-compatible ClientHello handshake was found. Fiddler extracted the parameters below.
Version: 3.3 (TLS/1.2)
Random: 55 39 05 98 AA 32 58 40 77 7C 78 67 B5 4C 56 5F B0 6F A3 8B D6 CD 60 EE AE 4E 2C 24 A0 15 8D A4
"Time": 27/10/2050 11:26:29
SessionID: empty
Extensions:
renegotiation_info 00
server_name testservices.bacs.co.uk
status_request OCSP - Implicit Responder
elliptic_curves secp256r1 [0x17], secp384r1 [0x18]
ec_point_formats uncompressed [0x0]
signature_algs sha256_rsa, sha384_rsa, sha1_rsa, sha256_ecdsa, sha384_ecdsa, sha1_ecdsa, sha1_dsa
SessionTicket empty
Ciphers:
[C028] TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
[009F] TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
[009E] TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
[009D] TLS_RSA_WITH_AES_256_GCM_SHA384
[009C] TLS_RSA_WITH_AES_128_GCM_SHA256
[C02B] TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
[C023] TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
[C027] TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
[C014] TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA
[C013] TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA
[003D] TLS_RSA_WITH_AES_256_CBC_SHA256
[003C] TLS_RSA_WITH_AES_128_CBC_SHA256
[0035] TLS_RSA_AES_256_SHA
[002F] TLS_RSA_AES_128_SHA
[C02C] TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
[C024] TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
[C00A] TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
[C009] TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
[006A] TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
[0040] TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
[0038] TLS_DHE_DSS_WITH_AES_256_SHA
[0032] TLS_DHE_DSS_WITH_AES_128_SHA
[000A] SSL_RSA_WITH_3DES_EDE_SHA
[0013] SSL_DHE_DSS_WITH_3DES_EDE_SHA
[0005] SSL_RSA_WITH_RC4_128_SHA
[0004] SSL_RSA_WITH_RC4_128_MD5
etc....
The SSL certificate was changed last week at the server end.
It was SHA1 (worked with Fiddler) and now is SHA#256 (get the error above).
Is this a configuration problem or something else?
Our application works OK when Fiddler not running.
Regards
Ian Patterson
3 Answers, 1 is accepted
The problem relates to the fact that, when the new certificate was installed, the admin took the opportunity to disable SSL3 and TLS1.0, as you can see here: https://www.ssllabs.com/ssltest/analyze.html?d=testservices.bacs.co.uk
The consequence of that is that the server is rejecting Fiddler's TLS1.0 handshake.
Fortunately, this is easily resolved since you're running Win8.1 and Fiddler4.5. Simply click Tools > Fiddler Options > HTTPS. Click the Enabled Protocols link at the right and change the text to, for instance:
tls1.0;tls1.1;tls1.2
See http://blogs.telerik.com/fiddler/posts/13-02-11/fiddler-and-modern-tls-versions for further details.
Regards,
Eric Lawrence
Telerik
See What's Next in App Development. Register for TelerikNEXT.
Rank 1
Eric, many thanks for the quick response. The acceptance of tls1.1 and 1.2 in Fiddler sorted the problem and all now OK.
Fiddler has saved our bacon many times during the development of our https programs. First class product.
Regards, Ian.
Rank 1