TLS handshake failures on socks proxy
Date: Tue, 14 Apr 2020 16:49:49 -0700
Hi Curl lib support,
We are trying to add TLS support to the SOCKS proxy; as part of that, we are
trying to complete the initial TLS handshake.
We are running openssl s_server on the loopback interface to verify the
changes.
We tried two methods; both result in a fatal error alert from the server.
Method 1 - use the existing APIs used for the HTTP proxy, but remove any
conditions specific to the HTTPS proxy. (Wireshark: lo_sslversion.pcap)
- SSL upgrade of the existing socket using the curl APIs
curl_ssl_connect_nonblocking and curl_ssl_init_proxy for the TLS handshake
- Fatal alert: protocol version
Method 2 - use a new SSL context init and add the certificates/key manually,
then do a simple ssl_connect on sockfd (Wireshark: inverse_server_client_l0.pcap)
- SSL_set_fd(ssl, sockfd) and SSL_connect(ssl) are used.
- Fatal alert: illegal parameter.
Commands used:
server: openssl s_server --accept 1080 -cert certificate1.pem -key key1.pem
client: curl -v -g -k --proxy socks5://127.0.0.1:1080 https://www.google.com
Thanks,
Anand.S
- application/octet-stream attachment: lo_sslversion.pcap
- application/octet-stream attachment: inverse_server_client_l0.pcap
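
For triaging captures like the two attached, the following added example (not part of the original message and not curl or OpenSSL code) classifies the first bytes a client sends as a TLS record or a SOCKS5 greeting, and decodes plaintext TLS alerts such as protocol_version and illegal_parameter. The function names are illustrative and all byte strings are constructed samples, not data from the pcaps.

```python
import struct

# TLS ContentType and AlertDescription values from the TLS RFCs (subset).
CONTENT = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}
ALERTS = {10: "unexpected_message", 40: "handshake_failure", 47: "illegal_parameter",
          50: "decode_error", 70: "protocol_version"}
LEVELS = {1: "warning", 2: "fatal"}

def classify_first_bytes(data: bytes) -> str:
    """Guess which protocol the first client bytes of a TCP stream belong to."""
    if len(data) >= 3 and data[0] in CONTENT and data[1] == 3 and data[2] <= 4:
        return "tls-record"
    # RFC 1928 greeting: VER=5, NMETHODS, then exactly NMETHODS method bytes.
    if len(data) >= 3 and data[0] == 5 and len(data) == 2 + data[1]:
        return "socks5-greeting"
    return "unknown"

def parse_records(data: bytes):
    """Walk plaintext TLS records; return (type, version, detail) tuples."""
    out, off = [], 0
    while off < len(data):
        if len(data) - off < 5:
            out.append(("truncated", None, "short record header"))
            break
        ctype, major, minor, length = struct.unpack_from("!BBBH", data, off)
        body = data[off + 5: off + 5 + length]
        name = CONTENT.get(ctype, f"unknown({ctype})")
        if len(body) < length:
            out.append((name, f"{major}.{minor}", "truncated body"))
            break
        detail = f"{length} bytes"
        if ctype == 21 and length == 2:  # unencrypted alert: level, description
            detail = f"{LEVELS.get(body[0], body[0])}:{ALERTS.get(body[1], body[1])}"
        out.append((name, f"{major}.{minor}", detail))
        off += 5 + length
    return out

# Constructed sample bytes (not extracted from the attached pcaps).
SAMPLE_ALERT_PV = bytes.fromhex("15030300020246")   # fatal protocol_version
SAMPLE_ALERT_IP = bytes.fromhex("1503030002022f")   # fatal illegal_parameter
SAMPLE_SOCKS5 = bytes.fromhex("05020001")           # VER=5, 2 methods: 0x00, 0x01
SAMPLE_HELLO_HDR = bytes.fromhex("1603010200")      # handshake record header only

if __name__ == "__main__":
    for blob in (SAMPLE_SOCKS5, SAMPLE_HELLO_HDR):
        print(blob.hex(), "->", classify_first_bytes(blob))
    for blob in (SAMPLE_ALERT_PV, SAMPLE_ALERT_IP):
        print(blob.hex(), "->", parse_records(blob))
```

Feed it the client-to-server and server-to-client payload bytes copied from each capture's first packets to see which side is speaking TLS and which alert the server returned.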