8

I am using Charles 3.7 to debug SSL connections. I was able to view most of the HTTPS connections, however there is 1 or 2 sites that returned "SSLProtocol: handshake alert: unrecognized_name" when I try to debug it, and I was unable to load the website with Charles on. I am able to do so using Fiddler. Any ideas on how to resolve this issue? Thanks.

jww
  • 97,681
  • 90
  • 411
  • 885
kchiewtrc1
  • 81
  • 1
  • 3

4 Answers4

5

I came across this when using the latest beta Charles 3.10b9 on 10.10. We fixed by using a similar method to Shade's answer:

I opened info.plist in Xcode and did the following:

Under the JVMOptions (as oppose to VMOptions) key add the string:

-Djsse.enableSNIExtension=false
XtremeMan
  • 51
  • 1
  • 2
0

Looks like this has more to do with a security improvement from Java 1.7 and server configuration than it does Charles. Can you confirm which JRM Charles is using? help -> about java

Here's an article about the same error message but after upgrading to Java 1.7:

http://www.pressingquestion.com/2030237/Ssl-Handshake-Alert-Unrecognized_name-Error-Since-Upgrade-To-Java-170

Do you need to use Charles for those sites throwing the error? You can disable SSL Proxying per site if not.

ilovett
  • 3,240
  • 33
  • 39
0

Add -Djsse.enableSNIExtension=false to the info.plist in the Contents folder for the Charles application. In:

<key>VMOptions</key>
<string>-Xmx512m -Djsse.enableSNIExtension=false</string>
Shades
  • 543
  • 2
  • 5
  • 11
0

Try using command line from project's path:

mvn clean install -Djsse.enableSNIExtension=false
Kurt Van den Branden
  • 11,995
  • 10
  • 76
  • 85
Pdp
  • 1
  • This actually worked in my case (SSL certificate was present in keystore, yet I kept getting handshake failure with unrecognized_name). Could you perhaps elaborate why this works or point me to some information? – Igor May 13 '20 at 15:46