Just double checking


#1

Normally I get a different error, but we’re testing android devices and notice a new error today:
Cannot establish TLS with client (sni: clients4.google.com): TlsException(“SSL handshake error: Error([(‘SSL routines’, ‘ssl3_read_bytes’, ‘sslv3 alert certificate unknown’)],)”,)

Not sure if it’s the same as getting:
Cannot establish TLS with client (sni: clients1.google.com): TlsException("(-1, ‘Unexpected EOF’)",)

I mean I understand if it’s a certificate error, but that is working nice so far. Just seems like we’re getting a lot of errors for the SSLV3 alert instead of the other error. Just didn’t know the different in this case or if they’re the same error. Is one for normal none trusting and the other for certificate pin issues?


#2

Hey,

Different TLS clients abort connections at different points in time. Some sent an “unknown CA” error, which makes it easy for us to diagnose, others don’t. The unexpected EOF can very well be a “client does not trust the certificate”, a general network error, or a TLS incompatibility. If you have this consistently in a local network, the first option is probably the most likely.


#3

@mhils
Hi why we receive 1st error in most https interception, how to debug and solve it.