Fiddler https error: “because they do not possess a common algorithm”

Question

I am trying to monitor https traffic with Fiddler, using current newest version:2.4.4.5

I\'ve successfully set up https, certificates and I can see the full https encryp

Answer 1

Yes I too have seen this error when working outside of fiddler and it was connected with AuthenticateAsServer but only went wrong when using IE10 and not Chrome as the browser.

Odd thing is that it did not break all the time for IE10 using SslProtocols.Tls for the protocol so I will add a bit of code to switch the protocol if one fails

The protocol that can be used also seems to change on if you are using a proxy server like Fiddler or using an invisible server by hijacking the DNS via the hosts file to divert traffic to the server

Answer 2

Unbelievably this issue is still present some 6 years later. Just installed the latest version of Fiddle (v5.0.20194.41348), and sure enough on Win7 using Chrome or IE it keeps failing with the dreaded error:

"fiddler.network.https> HTTPS handshake to google.com (for #1) failed. System.ComponentModel.Win32Exception The client and server cannot communicate, because they do not possess a common algorithm"

After some hours of testing, I found a middle ground solution which seems to work with virtually all websites. The aim was to get the highest possible security with no errors in the log. Without needing to add any code, simply changing this line under Tools > Options > HTTPS > Protocols is what worked for me (just copy and paste it):

<client>;ssl3;tls1.1;tls1.2

Basically removed the ssl2 and tls1.0 protocols which leaves us with some pretty decent security and no errors so far. Having spent hours of frustration with this error, hope someone out there might find this useful, and a big thanks to EricLaw who discovered the root of the problem.

Answer 3

What is the client program?

This error typically indicates that that client application is only offering certain HTTPS ciphers, and those ciphers are not supported by Fiddler.

However, in this case, the specific problem here is almost certainly this: http://blogs.msdn.com/b/ieinternals/archive/2009/12/08/aes-is-not-a-valid-cipher-for-sslv3.aspx

The client is trying to use AES with SSLv3, but that isn't one of the valid ciphers for SSL3. As a consequence, the connection fails.

You might be able to workaround this by clicking Rules > Customize Rules. Scroll down to the Main() function and add the following line within the function:

  CONFIG.oAcceptedServerHTTPSProtocols = 
    System.Security.Authentication.SslProtocols.Ssl3;

Please let me know if this works.

NOTE Current versions of Fiddler offer a UI link for this: Look at the lis of enabled protocols on the HTTPS tab.