Testing IOS App with fiddler hit A SSLv3-compatible ClientHello handshake Error. I enabled <client>;ssl2;ssl3;tls1.0;tls1.1;tls1.2 all protocols, yet still hit error.

0 Answers 103 Views
Fiddler Classic Mobile
Edison
Top achievements
Rank 1
Edison asked on 26 Jul 2021, 03:20 PM
CONNECT apicl3.celcom.com.my:443 HTTP/1.1
Host: apicl3.celcom.com.my
User-Agent: celcom_life/200333 CFNetwork/1240.0.4 Darwin/20.5.0
Connection: keep-alive
Connection: keep-alive

A SSLv3-compatible ClientHello handshake was found. Fiddler extracted the parameters below.

Version: 3.3 (TLS/1.2)
Random: 44 84 7D 65 07 24 79 BB A3 1A 28 9C 74 13 25 86 09 32 96 4C 68 86 E1 8D BA 8E EE F6 D7 09 00 3A
"Time": 16/12/2023 7:04:36 PM
SessionID: CA 31 92 D7 01 7E ED B3 00 56 BE 7E 29 BF B7 09 07 30 47 FB 02 21 6D 71 F5 82 B0 0F BC A0 91 AC
Extensions: 
grease (0x3a3a) empty
server_name apicl3.celcom.com.my
extended_master_secret empty
renegotiation_info 00
supported_groups grease [0x3a3a], x25519 [0x1d], secp256r1 [0x17], secp384r1 [0x18], secp521r1 [0x19]
ec_point_formats uncompressed [0x0]
ALPN h2, http/1.1
status_request OCSP - Implicit Responder
signature_algs ecdsa_secp256r1_sha256, rsa_pss_rsae_sha256, rsa_pkcs1_sha256, ecdsa_secp384r1_sha384, ecdsa_sha1, rsa_pss_rsae_sha384, rsa_pss_rsae_sha384, rsa_pkcs1_sha384, rsa_pss_rsae_sha512, rsa_pkcs1_sha512, rsa_pkcs1_sha1
SignedCertTimestamp (RFC6962) empty
key_share 00 29 3A 3A 00 01 00 00 1D 00 20 88 B4 9B C1 94 50 43 4C 36 70 D6 65 FF 6D 03 C0 64 80 87 A8 3C 9C 5B A9 CF DF 87 26 69 21 4E 1F
psk_key_exchange_modes 01 01
supported_versions grease [0x3a3a], Tls1.3, Tls1.2, Tls1.1
grease (0x8a8a) 00
padding 181 null bytes
Ciphers: 
[6A6A] Unrecognized cipher - See https://www.iana.org/assignments/tls-parameters/
[1301] TLS_AES_128_GCM_SHA256
[1302] TLS_AES_256_GCM_SHA384
[1303] TLS_CHACHA20_POLY1305_SHA256
[C02C] TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
[C02B] TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
[CCA9] TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
[C030] TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
[C02F] TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
[CCA8] TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
[C024] TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
[C023] TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
[C00A] TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
[C009] TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
[C028] TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
[C027] TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
[C014] TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
[C013] TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
[009D] TLS_RSA_WITH_AES_256_GCM_SHA384
[009C] TLS_RSA_WITH_AES_128_GCM_SHA256
[003D] TLS_RSA_WITH_AES_256_CBC_SHA256
[003C] TLS_RSA_WITH_AES_128_CBC_SHA256
[0035] TLS_RSA_WITH_AES_256_CBC_SHA
[002F] TLS_RSA_WITH_AES_128_CBC_SHA
[C008] TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
[C012] TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
[000A] SSL_RSA_WITH_3DES_EDE_SHA

Compression: 
[00] NO_COMPRESSION

Nick Iliev
Telerik team
commented on 27 Jul 2021, 08:30 AM

Is the above manifesting when the endpoint is tested through an iOS device but working as expected when accessed through a desktop browser? Try to completely reset (remove, reinstall, re-trust) your certificates on the mobile iOS device after making the Fiddler client settings panel changes.

No answers yet. Maybe you can help?

Tags
Fiddler Classic Mobile
Asked by
Edison
Top achievements
Rank 1
Share this question
or