SSL protocol error of Device Portal on Windows 10 Mobile
Device Portal of Windows 10 Mobile is now available on NuAns NEO but it's not usable. Browsers say “The connection to the server was reset while the page was loading.” This is not a kind of insecure-certificate problem.
update 2016-07-31: I found that the SNI servername other than "localhost" causes the error. So a workaround is to use USB connection with URL https://localhost:10443/ .
My NuAns NEO:
- Windows 10 Mobile, build 10.0.14393.5 (The problem exists since the first 10586 build which come to NuAns NEO as far as I can remember.)
- Firmware rev 1028.020.001.79
I've tested it with the openssl command.
C:> openssl s_client -connect 172.16.10.186:443 CONNECTED(00000003) write:errno=104 --- no peer certificate available --- No client certificate CA names sent --- SSL handshake has read 0 bytes and written 306 bytes --- New, (NONE), Cipher is (NONE) Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : TLSv1.2 Cipher : 0000 Session-ID: Session-ID-ctx: Master-Key: Key-Arg : None PSK identity: None PSK identity hint: None SRP username: None Start Time: 1469769595 Timeout : 300 (sec) Verify return code: 0 (ok) ---
The message lacks server certificate, cipher string and so on. I wonder what situation/configuration causes this. Like the phone vendor forgot to install something?
Using USB connection doesn't help because http://127.0.0.1:10080 redirects https page which emits the same erroneous message. cURL says unknown SSL protocol error:
C:> curl --verbose -i https://127.0.0.1:10443/ * STATE: INIT => CONNECT handle 0x600082340; line 1402 (connection #-5000) * Added connection 0. The cache now contains 1 members * Trying 127.0.0.1... * STATE: CONNECT => WAITCONNECT handle 0x600082340; line 1455 (connection #0) * Connected to 127.0.0.1 (127.0.0.1) port 10443 (#0) * STATE: WAITCONNECT => SENDPROTOCONNECT handle 0x600082340; line 1562 (connection #0) * ALPN, offering http/1.1 * Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH * successfully set certificate verify locations: * CAfile: /usr/ssl/certs/ca-bundle.crt CApath: none * TLSv1.2 (OUT), TLS header, Certificate Status (22): * TLSv1.2 (OUT), TLS handshake, Client hello (1): * STATE: SENDPROTOCONNECT => PROTOCONNECT handle 0x600082340; line 1576 (connection #0) * Unknown SSL protocol error in connection to 127.0.0.1:10443 * multi_done * Closing connection 0 * The cache now contains 0 members * Expire cleared curl: (35) Unknown SSL protocol error in connection to 127.0.0.1:10443
In contrast, connection to another phone Lumia 1520 succeeds as follows.
C:> openssl s_client -connect 172.16.10.5:443 CONNECTED(00000003) depth=0 CN = 172.16.10.5 verify error:num=20:unable to get local issuer certificate verify return:1 depth=0 CN = 172.16.10.5 verify error:num=21:unable to verify the first certificate verify return:1 --- Certificate chain 0 s:/CN=172.16.10.5 i:/CN=Microsoft Windows Web Management (Test) (Windows-Phone) --- Server certificate -----BEGIN CERTIFICATE----- MIIDYzCCAkugAwIBAgII/x+R… -----END CERTIFICATE----- subject=/CN=172.16.10.5 issuer=/CN=Microsoft Windows Web Management (Test) (Windows-Phone) --- No client certificate CA names sent Peer signing digest: SHA256 Server Temp Key: ECDH, P-256, 256 bits --- SSL handshake has read 1355 bytes and written 432 bytes --- New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384 Server public key is 2048 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : TLSv1.2 Cipher : ECDHE-RSA-AES256-GCM-SHA384 Session-ID: 1324… Session-ID-ctx: Master-Key: 2818… Key-Arg : None PSK identity: None PSK identity hint: None SRP username: None Start Time: 146976… Timeout : 300 (sec) Verify return code: 21 (unable to verify the first certificate) --- read:errno=104