> On May 6, 2015, at 5:16 AM, Jiří Podhorský <podhorsky....@gmail.com> wrote:
> 
> Ok, I redirected port 443 to proxy via iptables. Now the message connect
> disappears. I can see in Wireshark the connection is redirected correctly.
> But when I try to connect via https:
> 
> wget -4 https://www.google.com
> --2015-05-06 13:12:07--  https://www.google.com/
> Resolving www.google.com (www.google.com)... 173.194.116.243,
> 173.194.116.244, 173.194.116.240, ...
> Connecting to www.google.com (www.google.com)|173.194.116.243|:443...
> connected.
> OpenSSL: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert
> handshake failure
> Unable to establish SSL connection.


You can’t do that. That would be a man-in-the-middle attack against TLS. If you 
were to try to do intercepting proxying of TLS, you would also need to generate 
certificates for all sites that you expect to proxy. E.g. a certificate for 
www.google.com.

— Leif
