With web application security becoming more important you may find servers refusing to accept SSL 3.0 protocol due to security vulnerabilities such as POODLE (https://en.wikipedia.org/wiki/POODLE ).

Older versions of VuGen will refuse to record the application and display an error page similar to below giving vague information to what the problem is.

SSL3a updated

VuGen 12.50 will now show a popup giving a hint where the problem is:

SSL3b

Using Wireshark it become clear that the issue is with the SSL handshake:

SSL3c

Compared with a successful secure handshake recording when using the browser:

SSL3d

By default VuGen has the following “Recording -> Network -> Mapping and Filtering” settings:

SSL3e

The problem is that VuGen will not try later TLS versions after the first handshake has failed unlike a browser which will start from the highest TLS version and work down until the server accepts the handshake:

SSL3f

Simple solution is to change the VuGen Recording -> Network -> Mapping and Filtering to at least TLS 1.0

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.