Ask Your Question
0

Looking for failed SSL handshakes

asked 2019-06-18 10:25:11 +0000

I have ran IISCrypto on a Windows 10 clients to test disabling TLS1.0, 1.1 and SSLv3.

Since I have done so, the system logs are flooded with the same error message:

A fatal error occurred while creating a TLS client credential. The internal error state is 10013.

After a bit of googling, I found that it is usually generated because some applications still need SSLv3 or that some Net Framework version running on the client need to have TLS1.2 enabled.

I would like to find out what is causing this issue. I have installed Wireshark and used a simple SSL filter, but I am not sure where to look. Can someone wouldplease help me?

edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted
0

answered 2019-06-19 00:44:03 +0000

Lekensteyn gravatar image

updated 2019-06-19 08:19:05 +0000

grahamb gravatar image

When implementations fail during the TLS handshake, they typically do either:

  • Forcefully close the TCP connection. This can be found with the display filter tcp.flags.reset==1
  • Send an unencrypted Alert message. This can be found with the display filter tls.alert_message.level

Combining the two:

tcp.flags.reset==1 or tls.alert_message.level

Note that normal TLS sessions may also use the TCP RST (reset) flag to tear down a connection to close down a successful session. If you see Application Data packets in the same TCP stream, then this would indicate that.

If you are using Wireshark 2.6 or older, note that the filter is named ssl.alert_message.level instead.

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2019-06-18 10:25:11 +0000

Seen: 450 times

Last updated: Jun 19