Re: Problem connecting to HTTPS site via HTTPS proxy

On 1/29/2020 10:19 PM, Ray Satiro via curl-users wrote:
> On 1/29/2020 12:21 PM, Jim B. via curl-users wrote:
>> * Proxy replied 200 to CONNECT request
>> * CONNECT phase completed!
>> * ALPN, offering h2
>> * ALPN, offering http/1.1
>> * TLSv1.2 (OUT), TLS handshake, Client hello (1):
>> * OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to
>> www.cnn.com:443
>> * Closing connection 0
>> * TLSv1.2 (OUT), TLS alert, Client hello (1):
>> curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to
>> www.cnn.com:443
>
>
> Bluecoat is probably playing mitm and drops the connection. Does it
> happen with all https websites? Do you have the same problem when you
> use a transfer tool other than curl?
>

As a matter of fact I'm not sure if Bluecoat supports this at all. But
there is no reason why it should not. The outer connection should have
nothing to do with whatever is going on inside (http or https via tunnel
(CONNECT)). It is currently configured as a HTTPS Reverse Proxy on port
443. That's the only mode where it does not seem to be doing any
interception. But yeah, that is usually used to forward external
connections to some internal service, and not the other way round.

I haven't tried all HTTPS websites :) but I have found none that would work.

As far as the client goes I haven't tried a client other than Curl, no.
Curl is kind of the reference. Most browsers don't even allow to
configure a HTTPS proxy (using their GUI at least), usually one has to
use PAC file magic or so. Usually they also choke at the first sign of
trouble with certificates. Before I tackle that (looking for more
problems) I'd like to confirm it is basically working first.

-----------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-users
Etiquette: https://curl.haxx.se/mail/etiquette.html
Received on 2020-01-29