TLS handshake failures on socks proxy

From: Anand Sridharan via curl-library <curl-library_at_cool.haxx.se>
Date: Tue, 14 Apr 2020 16:49:49 -0700

Hi Curl lib support,

We are trying to add TLS support to the SOCKS proxy; as part of that, we are
trying to complete the initial TLS handshake.

We are trying to run openssl s_server on the loopback interface to verify
the changes.

We tried two methods; both result in a fatal error alert from the server.

Method 1 - use the existing APIs used for the HTTP proxy but remove any
conditions specific to the HTTPS proxy. (wireshark: lo_sslversion.pcap)

   - SSL upgrade of the existing socket using curl APIs
   curl_ssl_connect_nonblocking and curl_ssl_init_proxy for the TLS handshake
   - Fatal alert: protocol version

Method 2 - use a new SSL context init and add certificates/key manually, do
a simple ssl_connect on sockfd (wireshark: inverse_server_client_l0.pcap)

   - SSL_set_fd(ssl, sockfd) and SSL_connect(ssl) are used.
   - Fatal alert: illegal parameter

Commands used:
server: openssl s_server --accept 1080 -cert certificate1.pem -key key1.pem
client: curl -v -g -k --proxy socks5://127.0.0.1:1080 https://www.google.com

Thanks,

Anand.S

Received on 2020-04-15