Error while working with SSL site thru Fiddler


ahteycom

Dec 8, 2009, 12:13:54 AM
to Fiddler
Windows 7 x64, .NET 3.5 SP1, Fiddler 2.2.7.9 Beta (also tried the latest stable release).
Both IE 8 (x86) and Firefox 3.5.5 work with the site without Fiddler. When I use Fiddler I get the following (FF used in the example; IE 8 is the same). Any advice?

== Raw request:
CONNECT atsenergo.ru:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 (.NET CLR 3.5.30729)
Proxy-Connection: keep-alive
Host: atsenergo.ru
==

== Raw response (.NET error description is translated from Russian, loathe those localized errors!):
HTTP/1.1 502 Connection failed
Connection: close
Timestamp: 10:19:01:8837

HTTPS connection failed.

System.Security.Authentication.AuthenticationException: call failed SSPI, see inner exception. ---> System.ComponentModel.Win32Exception: Interaction between the client and the server is impossible, since have different algorithm
   --- End of inner exception stack trace ---
   in System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, Exception exception)
   in System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
   in System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
   in System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
   in System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
   in Fiddler.Pipe.Connect(Boolean bCreateConnectTunnel, IPEndPoint remoteEP, Boolean bSecureTheSocket, String sCertCN, String sClientCertificateFilename, String sPoolingKey)
   in Fiddler.Pipe.Connect(IPEndPoint remoteEP, Boolean bSecureTheSocket, String sCertCN, String sClientCertificateFilename, String sPoolingKey)
   in Fiddler.Session.ExecuteHTTPSConnect()
==

EricLaw

Dec 8, 2009, 12:39:28 PM
to Fiddler
Fascinating. I've never seen such a problem before. It looks like the
client and server agree to use

SSLCipherSuite: TLS_RSA_WITH_AES_128_CBC_SHA { 0x00, 0x2F }

But for some reason, .NET decides to reject the connection.

I'll need to talk to the SChannel team in Windows to figure out what's
going on here.

EricLaw

Dec 8, 2009, 2:42:47 PM
to Fiddler
Thanks for reporting this. This is actually a bug in the server. I
explain the problem (and the workaround) in a blog post over on my
blog: http://blogs.msdn.com/ieinternals/archive/2009/12/08/AES-is-not-a-valid-cipher-for-SSLv3.aspx

PetrAbdulin

Dec 9, 2009, 2:41:15 AM
to Fiddler
Thanks, Eric, for the quick reply; the problem is solved!

The problem originally came from my application interacting with this site via HttpWebRequest; luckily Fiddler is a .NET app too.
Here is the solution I used: set a property on a static class in System.Net before creating connections:
System.Net.ServicePointManager.SecurityProtocol = SecurityProtocolType.Ssl3;

P.S. In the blog post there are 2 typing errors:
1. "The capture shows... " - capture href is invalid.
2. "To update your FiddlerScript, click Rules > Fiddler Options" should be "Rules > Customize rules..."

Again, thank you very much for helping with this tricky problem. Saved tons of my time.

On Dec 9, 01:42, EricLaw <bay...@gmail.com> wrote:
> Thanks for reporting this. This is actually a bug in the server. I
> explain the problem (and the workaround) in a blog post over on my
> blog: http://blogs.msdn.com/ieinternals/archive/2009/12/08/AES-is-not-a-val...

EricLaw

Dec 9, 2009, 6:55:52 PM
to Fiddler
Thanks for the typos. Fixed.