Looking for failed SSL handshakes

asked 2019-06-18 10:25:11 +0000

ThomasC.
1 ●1 ●1 ●1

I have ran IISCrypto on a Windows 10 clients to test disabling TLS1.0, 1.1 and SSLv3.

Since I have done so, the system logs are flooded with the same error message:

A fatal error occurred while creating a TLS client credential. The internal error state is 10013.

After a bit of googling, I found that it is usually generated because some applications still need SSLv3 or that some Net Framework version running on the client need to have TLS1.2 enabled.

I would like to find out what is causing this issue. I have installed Wireshark and used a simple SSL filter, but I am not sure where to look. Can someone wouldplease help me?

answered 2019-06-19 00:44:03 +0000

Lekensteyn
2346 ●3 ●19 ●29 https://lekensteyn.nl

updated 2019-06-19 08:19:05 +0000

grahamb

flag of United Kingdom of Great Britain and Northern Ireland

23790 ●4 ●950 ●227 https://www.wireshark.org

When implementations fail during the TLS handshake, they typically do either:

Forcefully close the TCP connection. This can be found with the display filter tcp.flags.reset==1
Send an unencrypted Alert message. This can be found with the display filter tls.alert_message.level

Combining the two:

tcp.flags.reset==1 or tls.alert_message.level

Note that normal TLS sessions may also use the TCP RST (reset) flag to tear down a connection to close down a successful session. If you see Application Data packets in the same TCP stream, then this would indicate that.

If you are using Wireshark 2.6 or older, note that the filter is named ssl.alert_message.level instead.

edit flag offensive delete link

add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Looking for failed SSL handshakes

1 Answer

Your Answer

Question Tools

Stats

Looking for failed SSL handshakes edit

1 Answer

Your Answer

Question Tools

Stats

Looking for failed SSL handshakes