HTTPSLint> Warning: ClientHello record was xxx bytes long.
6,175 views
Skip to first unread message
term srv
Mar 11, 2015, 2:26:26 AM3/11/15
to httpf...@googlegroups.com
I'm using Fiddler 4.4.9.9 on Windows 7 x64. Today I saw in my log a lot of this:
I've never seen this before. I did a search but it looks like this message may have to do with SSL malfunctions? Everything seems to be working ok. The only change to my system is today I updated Windows. Is there a way I can trace what program is causing this problem?
Also I see a lot of this, probably unrelated though:
22:25:13:7886 HTTPSLint> Warning: ClientHello record was 508 bytes long. Some servers have problems with ClientHello's greater than 255 bytes. https://github.com/ssllabs/research/wiki/Long-Handshake-Intolerance
22:25:14:9742 HTTPSLint> Warning: ClientHello record was 508 bytes long. Some servers have problems with ClientHello's greater than 255 bytes. https://github.com/ssllabs/research/wiki/Long-Handshake-Intolerance
22:25:15:0054 HTTPSLint> Warning: ClientHello record was 508 bytes long. Some servers have problems with ClientHello's greater than 255 bytes. https://github.com/ssllabs/research/wiki/Long-Handshake-Intolerance
22:25:15:0054 HTTPSLint> Warning: ClientHello record was 508 bytes long. Some servers have problems with ClientHello's greater than 255 bytes. https://github.com/ssllabs/research/wiki/Long-Handshake-Intolerance
22:25:15:0054 HTTPSLint> Warning: ClientHello record was 508 bytes long. Some servers have problems with ClientHello's greater than 255 bytes. https://github.com/ssllabs/research/wiki/Long-Handshake-Intolerance
22:25:15:0366 HTTPSLint> Warning: ClientHello record was 508 bytes long. Some servers have problems with ClientHello's greater than 255 bytes. https://github.com/ssllabs/research/wiki/Long-Handshake-Intolerance
I've never seen this before. I did a search but it looks like this message may have to do with SSL malfunctions? Everything seems to be working ok. The only change to my system is today I updated Windows. Is there a way I can trace what program is causing this problem?
Also I see a lot of this, probably unrelated though:
23:34:16:8932 [Fiddler] No HTTP request was received from (:5980) new client socket, port 52253.
23:34:20:8934 [Fiddler] No HTTP request was received from (:5980) new client socket, port 52283.
23:34:21:8945 [Fiddler] No HTTP request was received from (:5980) new client socket, port 52290.
23:34:55:9094 [Fiddler] No HTTP request was received from (:5980) new client socket, port 52430.
23:34:55:9094 [Fiddler] No HTTP request was received from (:5980) new client socket, port 52431.
23:34:55:9094 [Fiddler] No HTTP request was received from (:5980) new client socket, port 52432.
23:34:55:9094 [Fiddler] No HTTP request was received from (:5980) new client socket, port 52433.
23:34:55:9094 [Fiddler] No HTTP request was received from (:5980) new client socket, port 52434.
23:35:07:6441 [Fiddler] No HTTP request was received from (:5980) new client socket, port 52565.
23:35:07:6441 [Fiddler] No HTTP request was received from (:5980) new client socket, port 52566.
23:35:47:5314 [Fiddler] No HTTP request was received from (:5980) new client socket, port 52724.
EricLaw
Mar 13, 2015, 10:50:27 AM3/13/15
to httpf...@googlegroups.com
The "ClientHello record" message can be safely ignored. The link provided in the warning message (https://github.com/ssllabs/research/wiki/Long-Handshake-Intolerance) explains the issue. To make a long story short, some servers don't like long handshakes. The Chrome guys found a hacky workaround by making the handshake *even longer*; you may see a "padding" TLS Extension in the CONNECT for that purpose.
The "No HTTP request was received..." message indicates that the client opened a connection but didn't send a request to Fiddler. That's not uncommon; some clients will speculatively open connections and then discard them if they're not needed.
term srv
Apr 20, 2018, 10:00:51 PM4/20/18
to Fiddler
Eric is there any way I can stop these messages from being logged? It makes
the log almost unusable. I see thousands of these warnings and I'm
struggling to review other information in the log that is buried in between.
Eric Lawrence
Apr 23, 2018, 1:09:57 PM4/23/18
to Fiddler
I think there are three feature requests here:
1. Stop logging these entirely, or maybe log them only when the handshake is between 255 and 512 bytes (https://cs.chromium.org/chromium/src/third_party/boringssl/src/ssl/ssl_test.cc?l=1082&rcl=9f0e7cb314ae64234b928fd379381ae9760a9a5f). I think today the warning in Fiddler is simply >255 bytes. But we should probably get rid of this logging entirely, as the buggy server appliances are probably out of the market at this point. Although maybe show a warning at >767 bytes as a) that's huge, and b) we found that there's a server called Gatling that fails on handshakes that big.
2. Extend the existing interfaces related to Log handling to allow an extension to "eat" messages so that they don't end up in the log.
3. Extend the Log tab to make use of that new interface to have an "Ignore regex match" box.
I'd happily upvote all of these. Please file at https://fiddler.ideas.aha.io
ter...@gmail.com
Apr 5, 2019, 12:03:00 AM4/5/19
to Fiddler
Reply all
Reply to author
Forward
0 new messages