Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

SSL handshake error

See original GitHub issue

Steps to reproduce the problem:

Take an Android 7.1.2 Xiaomi Redmi 4X with MIUI 10.3
Install mitmproxy
launch mitmdump command
Set proxy on the phone & Install root certificate provided by the domain mitm.it using settings app: “More settings” > “Privacy” > “Install certificate”
Go to any apps and try to make a http request like twitter or discordapp
Errors appears:

192.168.0.14:56294: CONNECT android.googleapis.com:443
 << Cannot establish TLS with client (sni: android.googleapis.com): TlsException("SSL handshake error: Error([('SSL routines', 'ssl3_read_bytes', 'sslv3 alert certificate unknown')],)",)

System information

Mitmproxy: 4.0.4 binary Python: 3.6.3 OpenSSL: OpenSSL 1.1.0h 27 Mar 2018 Platform: Linux-5.2.5-arch1-1-ARCH-x86_64-with-arch

Issue Analytics

State:
Created 4 years ago
Reactions:2
Comments:6 (1 by maintainers)

Top GitHub Comments

5reactions

tumbledcoincommented, Aug 28, 2019

You will have a problem unless you can modify the app or service to prevent it from checking the certificate it is presented against what it expects. Think of it like this: You order an uber and you are old the vehicle picking you up will be a red Toyota. You go outside and wait but a green ford shows up saying they are your uber. You refuse to accept the ride, based on previously provided knowledge.

Th same thing for the app, you will need to modify the app’s previous knowledge of the certificate, otherwise it will continue to reject the MITM certificate.

1reaction

lefuturistecommented, Aug 27, 2019

And so ?? it’s the whole point of why I want to use that! I want to see what is coming in and out of my phone.