SSL0235W: SSL Handshake Failed, Invalid peer
1,179 views
Skip to first unread message
Bob
Aug 24, 2011, 2:34:43 PM8/24/11
to Fiddler
My web server is IBM_HTTP_Server/6.1 Apache/2.0.47 on HP-UX 11.23.
I have a number of instances of the above apache version that run
HTTPS. All show this warning message:
SSL0235W: SSL Handshake Failed, Invalid peer
Browsers (without Fiddler enabled) do not appear to suffer any
problem. Apparently, the browser has TLS retry logic that can handle
the problem. But, when Fiddler is enabled, my session just hangs on
the CONNECT and returns a 502. The Fiddler problem occurs for all
browsers (e.g., IE, FF, etc.).
Does anybody know anything about this? Is there a PC setting that
might circumvent the problem. Is this a bug in Fiddler?
I have a number of instances of the above apache version that run
HTTPS. All show this warning message:
SSL0235W: SSL Handshake Failed, Invalid peer
Browsers (without Fiddler enabled) do not appear to suffer any
problem. Apparently, the browser has TLS retry logic that can handle
the problem. But, when Fiddler is enabled, my session just hangs on
the CONNECT and returns a 502. The Fiddler problem occurs for all
browsers (e.g., IE, FF, etc.).
Does anybody know anything about this? Is there a PC setting that
might circumvent the problem. Is this a bug in Fiddler?
EricLaw
Aug 24, 2011, 6:37:24 PM8/24/11
to Fiddler
You're correct to guess that Fiddler does not have "fallback" logic
that is present in most browsers.
The most likely explanation is that the server is buggy and doesn't
perform a valid TLS handshake. Discussion of one variant of this
problem, including a workaround configuration change to Fiddler, can
be found here: http://blogs.msdn.com/b/ieinternals/archive/2009/12/08/aes-is-not-a-valid-cipher-for-sslv3.aspx.
If switching to use just SSLv3 doesn't work, please let me know.
A low-level capture (e.g. Netmon) would allow me to see what exactly
is wrong with the handshake.
that is present in most browsers.
The most likely explanation is that the server is buggy and doesn't
perform a valid TLS handshake. Discussion of one variant of this
problem, including a workaround configuration change to Fiddler, can
be found here: http://blogs.msdn.com/b/ieinternals/archive/2009/12/08/aes-is-not-a-valid-cipher-for-sslv3.aspx.
If switching to use just SSLv3 doesn't work, please let me know.
A low-level capture (e.g. Netmon) would allow me to see what exactly
is wrong with the handshake.
Bob
Aug 29, 2011, 5:21:47 PM8/29/11
to Fiddler
Your Fiddler rule workaround solved the problem. Much thanks.
Reply all
Reply to author
Forward
0 new messages