相关文章推荐
小百科  ›  Enable tls 1.2 by default
tls
高大的白开水
3 月前

Since more and more websites enforce you to use tls 1.2 (and don't support tls 1.0 any more), I suggest that the list of protocols is automatically extended with tls1.2 by a next fiddler update - or at least there should be a single-time question box with Yes-No-Cancel to extend it.

Also see reference at https://www.telerik.com/forums/some-https-sites-are-unaccessible-when-using-fiddler

I did have <client> in the Protocols box as well... here is the problem:

When I turn on "Decrypt HTTPS traffic" to enable that Protocols settings, I get prompted to install a new trusted root certificate.   Do to security policies, I am unable (and frankly unwilling) to do that.

After I click that box, now I can use the composer to manually create API requests to servers that only support TLS 1.2... BUT, while that setting is on, nothing else on my computer works, as the majority of sites will attempt to use TLS 1.2, but not work because I refused to trust the new root certificate.  So I can't manually create API requests and test them at the same time as I'm actually testing live webservers that implement the API... So I have to go in and turn the "Decrypt HTTPS traffic" setting off in order for the rest of my computer to work, then turn it back on again when I need to test an API directly that only supports TLS 1.2.   I should have to enabled "Decrypt HTTPS traffic" in order to allow composer to use a different protocol that is obviously supported by Fiddler.  Fiddler doesn't need to sniff or decrypt those manually entered composer requests, because it was the process that generated the requests and will receive the responses directly.

Don't make me switch to Postman.

@Michael: in the same box where you typed "tls1.2" you can type "<client>" and Fiddler will offer the server the latest TLS version the client offered it.

It's not at all clear what you mean by "install new root certificates" or "every time I open Fiddler"-- the root certificates have nothing to do with the TLS version (you can use any version of TLS with Fiddler's root), and the setting for which TLS version is used is preserved from session to session, so after you add either "tls1.2" or "<client>" once, you should never need to do so again.

I need this feature.   What do you mean by <client> token?   I can't find any settings for that.   Is that the User-Agent?

I was able to get this to work by going to Tools->Options->HTTPS->Decrypt HTTPS traffic, and then editing the Protocols list to include "tls1.2", but I don't want to install new root certificates, and doing this every time I open Fiddler is very annoying.

Please let me know how to enable this by default because TLS 1.0 and 1.1 were officially deprecated today https://datatracker.ietf.org/doc/rfc8996/ and more and more APIs I deal with only allow connections using TLS 1.2.

Either that or I switch to Postman and hate myself.   Please.

 
推荐文章
Link管理   ·   Sov5搜索   ·   小百科
小百科 - 百科知识指南