"sslv3 alert handshake failure" - How to find out what's causing this

Hi All!

I’ve just started to use mitmproxy to reverse engineer an Android app (after working around the certificate pinning it does). But I’ve hit a bit of a problem at this point, namely the following error message:

TlsException("SSL handshake error: Error([('SSL routines', 'ssl3_read_bytes', 'sslv3 alert handshake failure')],)",)

I can see the outgoing requests (URLs and headers), from the client (the app), but nothing from the upstream server.

It seems that a potential solution is to compile my own Openssl with SSLV3 support, as described here, which I did, however, no dice. I’ve also tried changing the ssl_version_server and ssl_insecure options.

So my question is: Is there anything else I can do ?

Is there a way to see what particular version of SSL / TLS and cyphers the app / client used on its request ? (So I can use those exact ones) ?

The SSL Labs report for the site is here: https://www.ssllabs.com/ssltest/analyze.html?d=api.aliexpress.com, and it also works fine both in browser and curl (giving the expected 404).

After a bit more digging, it also works in the browser on the device, giving the 404 message, and, i do actually get the proper response from the server if I hit “replay” in mitmproxy. So why is it initially failing ? I’m starting to think that it’s the app doing something strange.

Any ideas ?

Thanks :slight_smile:

OpenSSL functions are often named ssl3_…, that doesn’t necessarily mean that you are using SSLv3 or that there’s an SSLv3 problem.

The problem you are describing (flow fails in live mode, but works with replay) is weird. Unfortunately TLS errors are not very descriptive to not leak side channel info. Your best bet at debugging this is capture both handshakes in Wireshark and find out where they differ.