How to allow custom TLS extensions in Client Hello from web Server
When a custom TLS extension is added to the Client Hello message, the web server responds with "ERR_SSL_DECRYPT_ERROR_ALERT". The web server is running Apache. Is there any guide to defining a custom extension on the server side?
Screenshot after adding the custom extension. The last one is the custom added extension.
Solution 1:[1]
Original client Hello modified by middle device and sent to the server.
TLS is designed to prevent any modification by a man in the middle. This includes modifications of the handshake which are detected because the final Finished message contains a protected hash over all handshake messages.
It is therefore not possible to simply add a TLS extension by some middle device and expect the handshake to be successful. The error you see reflects that the server detected a manipulation of the handshake messages.
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|---|
| Solution 1 | Steffen Ullrich |
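
The check described in Solution 1, as an added example that is not part of the original answer: it computes the TLS 1.2 Finished `verify_data` (RFC 5246) over the Client Hello the client sent and over the one the server received after a middle device appended an extension. The master secret, the extension type `0xFFAA`, the host name and the `REST` stand-in for the remaining handshake messages are constructed sample values, and the key exchange is assumed to be otherwise untouched.

```python
import hashlib
import hmac
import struct

def p_sha256(secret, seed, n):
    """TLS 1.2 P_SHA256 expansion (RFC 5246, section 5)."""
    out, a = b"", seed
    while len(out) < n:
        a = hmac.new(secret, a, hashlib.sha256).digest()
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:n]

def verify_data(master_secret, label, transcript):
    """Finished.verify_data = PRF(ms, label, SHA256(handshake messages))[:12]."""
    return p_sha256(master_secret, label + hashlib.sha256(transcript).digest(), 12)

def client_hello(extensions):
    """Build a minimal ClientHello handshake message from (type, data) pairs."""
    exts = b"".join(struct.pack("!HH", t, len(d)) + d for t, d in extensions)
    body = (b"\x03\x03" + bytes(32)      # client_version, random (zeros for the demo)
            + b"\x00"                     # empty session_id
            + b"\x00\x02\xc0\x2f"         # one cipher suite
            + b"\x01\x00"                 # null compression only
            + struct.pack("!H", len(exts)) + exts)
    return b"\x01" + len(body).to_bytes(3, "big") + body

def finished_check(sent_hello, received_hello, rest, master_secret):
    """True if the server accepts the client's Finished message."""
    # The client hashes the ClientHello it sent; the server hashes what arrived.
    client_vd = verify_data(master_secret, b"client finished", sent_hello + rest)
    expected = verify_data(master_secret, b"client finished", received_hello + rest)
    # A mismatch here is what the server reports as a decrypt_error alert.
    return hmac.compare_digest(client_vd, expected)

# Constructed sample values (assumptions, not taken from the question).
MASTER_SECRET = bytes(range(48))
REST = b"<ServerHello..ClientKeyExchange>"   # stand-in for the other messages
SNI = (0x0000, b"\x00\x10\x00\x00\x0dexample.local")
ORIGINAL = client_hello([SNI])                       # what the client sent
TAMPERED = client_hello([SNI, (0xFFAA, b"\x01\x02")])  # after the middle device

if __name__ == "__main__":
    print("untouched handshake accepted:", finished_check(ORIGINAL, ORIGINAL, REST, MASTER_SECRET))
    print("modified handshake accepted: ", finished_check(ORIGINAL, TAMPERED, REST, MASTER_SECRET))
```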
