curl / Mailing Lists / curl-users / Single Mail
Buy commercial curl support from WolfSSL. We help you work out your issues, debug your libcurl applications, use the API, port to new platforms, add new features and more. With a team lead by the curl founder himself.

Re: Problem connecting to HTTPS site via HTTPS proxy

From: Ray Satiro via curl-users <curl-users_at_cool.haxx.se>
Date: Wed, 29 Jan 2020 19:02:33 -0500

On 1/29/2020 4:54 PM, Jim B. via curl-users wrote:
>
> On 1/29/2020 10:19 PM, Ray Satiro via curl-users wrote:
>> On 1/29/2020 12:21 PM, Jim B. via curl-users wrote:
>>> * Proxy replied 200 to CONNECT request
>>> * CONNECT phase completed!
>>> * ALPN, offering h2
>>> * ALPN, offering http/1.1
>>> * TLSv1.2 (OUT), TLS handshake, Client hello (1):
>>> * OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to
>>> www.cnn.com:443
>>> * Closing connection 0
>>> * TLSv1.2 (OUT), TLS alert, Client hello (1):
>>> curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to
>>> www.cnn.com:443
>>
>>
>> Bluecoat is probably playing mitm and drops the connection. Does it
>> happen with all https websites? Do you have the same problem when you
>> use a transfer tool other than curl?
>>
>
> As a matter of fact I'm not sure if Bluecoat supports this at all. But
> there is no reason why it should not. The outer connection should have
> nothing to do with whatever is going on inside (http or https via
> tunnel (CONNECT)). It is currently configured as a HTTPS Reverse Proxy
> on port 443. That's the only mode where it does not seem to be doing
> any interception. But yeah, that is usually used to forward external
> connections to some internal service, and not the other way round.
>
> I haven't tried all HTTPS websites :) but I have found none that would
> work.
>
> As far as the client goes I haven't tried a client other than Curl,
> no. Curl is kind of the reference. Most browsers don't even allow to
> configure a HTTPS proxy (using their GUI at least), usually one has to
> use PAC file magic or so. Usually they also choke at the first sign of
> trouble with certificates. Before I tackle that (looking for more
> problems) I'd like to confirm it is basically working first.

This sounds like it has to do with the way you configured your proxy. I
suggest ask Bluecoat for help.

-----------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-users
Etiquette: https://curl.haxx.se/mail/etiquette.html
Received on 2020-01-30