How to solve SSL 3 recording issues in HPE VuGen

With web application security becoming more important you may find servers refusing to accept SSL 3.0 protocol due to security vulnerabilities such as POODLE ( ).

Older versions of VuGen will refuse to record the application and display an error page similar to below giving vague information to what the problem is.

SSL3a updated

VuGen 12.50 will now show a popup giving a hint where the problem is:


Using Wireshark it become clear that the issue is with the SSL handshake:


Compared with a successful secure handshake recording when using the browser:


By default VuGen has the following “Recording -> Network -> Mapping and Filtering” settings:


The problem is that VuGen will not try later TLS versions after the first handshake has failed unlike a browser which will start from the highest TLS version and work down until the server accepts the handshake:


Simple solution is to change the VuGen Recording -> Network -> Mapping and Filtering to at least TLS 1.0