Hi , we are trying to add tls support to socks proxy with Curl as part of that we are trying to complete initial TLS handshake. we are trying to run openssl s_server on loopback interface to verify changes we tried two methods both are resulting in fatal error alert from server.
Method 1 - use existing api's used for http proxy but remove any conditions
specific for HTTPS proxy.(wireshark: lo_sslversion.pcap)
- SSL upgrade of existing socket using curl API’s
curl_ssl_connect_nonblocking and curl_ssl_init_proxy for TLS handshake
- Fatal alert: protocol version
Method 2- use new SSL context init and add certificates/key manually, do
simple ssl_connect on sockfd (wireshark: inverse_server_client_l0.pcap)
- SSL_set_fd(ssl, sockfd) and SSL_connect(ssl) are used.
- Fatal alert illegal parameter.
Commands used:
server: openssl s_server --accept 1080 -cert certificate1.pem -key key1.pem
client: curl -v -g -k --proxy socks5://127.0.0.1:1080
https://www.google.com
could you please help understand this error?
--
thanks,
Anand.S
lo_sslversion.pcap
Description: Binary data
inverse_server_client_l0.pcap
Description: Binary data
