TLS handshake failures

Anand Sridharan sri.deep07 at gmail.com
Wed Apr 15 00:00:45 UTC 2020


Hi,

We are trying to add TLS support to the SOCKS proxy with curl. As part of
that, we are trying to complete the initial TLS handshake.
We are trying to run openssl s_server on the loopback interface to verify
the changes.
We tried two methods; both result in a fatal error alert from the server.

Method 1 - use the existing APIs used for HTTP proxy but remove any
conditions specific to HTTPS proxy (Wireshark: lo_sslversion.pcap).

   - SSL upgrade of the existing socket using the curl APIs
      curl_ssl_connect_nonblocking and curl_ssl_init_proxy for the TLS handshake
      - Fatal alert: protocol version

Method 2 - use a new SSL context init and add the certificates/key manually,
then do a simple ssl_connect on sockfd (Wireshark: inverse_server_client_l0.pcap).

   - SSL_set_fd(ssl, sockfd) and SSL_connect(ssl) are used.
      - Fatal alert: illegal parameter

Commands used:
server: openssl s_server --accept 1080 -cert certificate1.pem -key key1.pem
client: curl -v -g -k --proxy socks5://127.0.0.1:1080 https://www.google.com

Could you please help us understand this error?

-- 
thanks,

Anand.S
-------------- next part --------------
A non-text attachment was scrubbed...
Name: lo_sslversion.pcap
Type: application/octet-stream
Size: 8673 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20200414/b570d320/attachment-0002.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: inverse_server_client_l0.pcap
Type: application/octet-stream
Size: 9825 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20200414/b570d320/attachment-0003.obj>
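
Added example, not part of the original post and not curl or OpenSSL code: a small C helper for reading the first bytes of a capture like the ones attached above. It classifies the first byte a peer sent (SOCKS5 version byte versus a TLS record type) and decodes a plaintext TLS alert record into its level and description, covering the two alerts named in the post. The function names and the sample byte arrays are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

struct tls_alert {
    int is_alert;          /* 1 if the record is a plaintext alert */
    int fatal;             /* 1 if AlertLevel is fatal (2) */
    uint8_t major, minor;  /* record-layer version bytes */
    const char *name;      /* AlertDescription name; NULL if not an alert */
};

/* What protocol the first byte sent on a connection suggests. */
const char *first_byte_kind(uint8_t b) {
    if (b == 0x05) return "socks5";               /* RFC 1928 version byte */
    if (b >= 20 && b <= 23) return "tls-record";  /* TLS ContentType range */
    return "other";
}

/* Subset of AlertDescription values (RFC 5246, RFC 8446). */
static const char *alert_name(uint8_t d) {
    switch (d) {
    case 0:  return "close_notify";
    case 10: return "unexpected_message";
    case 40: return "handshake_failure";
    case 47: return "illegal_parameter";
    case 70: return "protocol_version";
    default: return "unknown";
    }
}

/* Parse one record: 5-byte header, then a 2-byte plaintext alert body.
 * Returns 0 on success, -1 if truncated or not a plaintext alert body. */
int parse_tls_alert(const uint8_t *buf, size_t len, struct tls_alert *out) {
    memset(out, 0, sizeof *out);
    if (len < 5) return -1;
    size_t body = ((size_t)buf[3] << 8) | buf[4];
    out->major = buf[1];
    out->minor = buf[2];
    if (buf[0] != 21) return 0;                 /* some other record type */
    if (body != 2 || len < 5 + body) return -1; /* encrypted or truncated */
    out->is_alert = 1;
    out->fatal = (buf[5] == 2);
    out->name = alert_name(buf[6]);
    return 0;
}

/* Constructed sample records (not taken from the attached captures). */
static const uint8_t SAMPLE_PROTOCOL_VERSION[] = {21, 3, 3, 0, 2, 2, 70};
static const uint8_t SAMPLE_ILLEGAL_PARAMETER[] = {21, 3, 3, 0, 2, 2, 47};
```

Feeding it the first bytes of each direction of a TCP stream shows whether the server received a TLS record or a SOCKS greeting, and which alert it sent back.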

