SSLv3-compatible ClientHello handshake was found

5,675 views
Skip to first unread message

Abhishek Singh

unread,
Jan 17, 2016, 9:34:17 PM1/17/16
to Fiddler

We are using a 3rd party lib in our android Application. We are suspecting that it is sending users data to its own server. When I am trying to track request response using Fiddler  it is giving me below message.


A SSLv3-compatible ClientHello handshake was found. Fiddler extracted the parameters below.

Version: 3.3 (TLS/1.2)
Random: F0 12 22 AC C3 41 54 9B 62 AF 3A 8D 03 3B BC AB 9B 7B 13 03 F1 94 73 F2 A7 9D 7F B0 56 F3 6C 76 
"Time": 7/7/2061 3:53:44 AM
SessionID: empty

EricLaw

unread,
Jan 20, 2016, 1:32:58 AM1/20/16
to Fiddler
The Android application is sending data over HTTPS. I don't think I understand your question.

Wal Schrabi

unread,
Jan 25, 2016, 7:36:00 AM1/25/16
to Fiddler
HI I also have this problem, how can I decrypt SSLv3/TLS1.2 Traffic? I could do it with TLS1.0. I have the latest fiddler installed.
thanks
walter

EricLaw

unread,
Jan 25, 2016, 8:20:30 AM1/25/16
to Fiddler
@Wal: You are also confused; Fiddler basically doesn't care which TLS version is used. Please explain in detail the problem you're having: What client are you using, what URLs is it using, what specifically happens, and what text, if any, is in Fiddler's LOG tab?

Wal Schrabi

unread,
Jan 25, 2016, 8:50:40 AM1/25/16
to Fiddler
Hi eric,
I tried to get the MSDS from thermofisher.com
I have attached the screen shoot.

Thanks for help.

Wal Schrabi

unread,
Jan 25, 2016, 1:14:43 PM1/25/16
to Fiddler
I had to install the fiddler with fiddler4 (with net4 )new. Now I can decrypt TLS1.2 too

EricLaw

unread,
Jan 25, 2016, 11:35:18 PM1/25/16
to Fiddler
As shown in the screenshot: "This specific tunnel was configured not to be decrypted." An explanation for why that is could be found in the Session Properties of the selected CONNECT tunnel (right-click the entry in the Web Sessions list).
Reply all
Reply to author
Forward
0 new messages