Fiddler https error: "because they do not possess a common algorithm"

Tags: https, ssl, fiddler

I am trying to monitor https traffic with Fiddler, using the current newest version: 2.4.4.5

I've successfully set up https and certificates, and I can see the full https encrypted traffic, for example when browsing my bank's web site.

...however...

When I try to monitor another server, I get this error message in the response window:

"Failed to secure existing connection for 77.87.178.160. A call to SSPI failed, see inner exception. InnerException: System.ComponentModel.Win32Exception: The client and server cannot communicate, because they do not possess a common algorithm"


The client in this case is not a browser, but a custom client program, which communicates with its own server.

My question: Is this exception misleading, and in reality some other error prevents the secure channel from being set up? ...or... Do we still have a chance to monitor this https communication?

Thx in advance

g.pickardou asked Jul 11 '13 13:07


1 Answer

What is the client program?

This error typically indicates that the client application is only offering certain HTTPS ciphers, and those ciphers are not supported by Fiddler.

However, in this case, the specific problem here is almost certainly this: http://blogs.msdn.com/b/ieinternals/archive/2009/12/08/aes-is-not-a-valid-cipher-for-sslv3.aspx

The client is trying to use AES with SSLv3, but that isn't one of the valid ciphers for SSL3. As a consequence, the connection fails.

You might be able to work around this by clicking Rules > Customize Rules. Scroll down to the Main() function and add the following line within the function:

  CONFIG.oAcceptedServerHTTPSProtocols = 
    System.Security.Authentication.SslProtocols.Ssl3;

Please let me know if this works.

NOTE: Current versions of Fiddler offer a UI link for this: Look at the list of enabled protocols on the HTTPS tab.

EricLaw answered Oct 22 '22 02:10
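To check the diagnosis in the answer above, you can look at what the custom client actually offers in its ClientHello. The following is an added example, not part of the original answer: it parses the client's first handshake record (for instance, bytes exported from a packet capture) and reports whether an SSLv3 hello offers AES suites. The function names and the sample record are constructed for illustration.

```python
import struct

# Subset of the IANA cipher suite registry, enough for this diagnosis.
SUITES = {
    0x0004: "RSA_WITH_RC4_128_MD5", 0x0005: "RSA_WITH_RC4_128_SHA",
    0x000A: "RSA_WITH_3DES_EDE_CBC_SHA", 0x002F: "RSA_WITH_AES_128_CBC_SHA",
    0x0033: "DHE_RSA_WITH_AES_128_CBC_SHA", 0x0035: "RSA_WITH_AES_256_CBC_SHA",
    0x0039: "DHE_RSA_WITH_AES_256_CBC_SHA",
}
VERSIONS = {(3, 0): "SSLv3", (3, 1): "TLS 1.0", (3, 2): "TLS 1.1", (3, 3): "TLS 1.2"}

def parse_client_hello(record: bytes) -> dict:
    """Return the offered version and cipher suites from one ClientHello record."""
    if len(record) < 5:
        raise ValueError("truncated record header")
    rec_type, _, _, rec_len = struct.unpack("!BBBH", record[:5])
    body = record[5:5 + rec_len]
    if rec_type != 0x16 or len(body) != rec_len or len(body) < 4 or body[0] != 0x01:
        raise ValueError("not a complete ClientHello handshake record")
    hello = body[4:4 + int.from_bytes(body[1:4], "big")]
    try:
        version = (hello[0], hello[1])        # highest version the client offers
        pos = 2 + 32                          # skip client_version and random
        pos += 1 + hello[pos]                 # skip session_id
        (suites_len,) = struct.unpack_from("!H", hello, pos)
        raw = hello[pos + 2:pos + 2 + suites_len]
    except (IndexError, struct.error):
        raise ValueError("truncated ClientHello") from None
    if suites_len % 2 or len(raw) != suites_len:
        raise ValueError("bad cipher suite list")
    ids = [int.from_bytes(raw[i:i + 2], "big") for i in range(0, suites_len, 2)]
    return {"version": VERSIONS.get(version, "%d.%d" % version),
            "suites": [SUITES.get(i, f"0x{i:04X}") for i in ids]}

def ssl3_aes_check(record: bytes) -> dict:
    """Flag the case from the answer: an SSLv3 hello that offers AES suites."""
    info = parse_client_hello(record)
    aes = [s for s in info["suites"] if "_AES_" in s]
    info["aes_with_ssl3"] = info["version"] == "SSLv3" and bool(aes)
    info["non_aes_suites"] = [s for s in info["suites"] if "_AES_" not in s]
    return info

def sample_hello(version, suite_ids) -> bytes:
    """Build a minimal ClientHello record (constructed input, not a capture)."""
    suites = b"".join(struct.pack("!H", s) for s in suite_ids)
    hello = (bytes(version) + bytes(32) + b"\x00"
             + struct.pack("!H", len(suites)) + suites + b"\x01\x00")
    hs = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return b"\x16" + bytes(version) + struct.pack("!H", len(hs)) + hs

if __name__ == "__main__":
    print(ssl3_aes_check(sample_hello((3, 0), [0x002F, 0x0035])))
```

If `aes_with_ssl3` is true and `non_aes_suites` is empty, the client is offering nothing but AES under SSLv3, which matches the failure described in the answer.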