Alexey Drozdov wrote: > Hi! > > When your setup proxy setting for browsers, they using HTTP CONNECT > method for establish pure tcp-connection via proxy (not for local > resources). > It's seems like: > > Client send HTTP-request to proxy > CONNECT remotehost:port HTTP/1.1 > Host: remotehost:port > > And begin wait HTTP-response like: > HTTP/1.1 200 Connection established > > Then browser send initiate ssl handshake over this pure tcp-channel. > > Your proxy get HTTP-request instead ssl-handshake and fail: > 2572:error:1407609B:SSL routines:SSL23_GET_CLIENT_HELLO:https proxy > request:.ssls23_srvr.c:391 > > --- > / Alexey Drozdov
In other words, you switched to SSL too early. The way you did it, how would you know what host and port you were supposed to proxy a connection to?! You have to wait and get the CONNECT request from the client to know what host and port they want a connection to. Then send an HTTP 200 reply, and then begin proxying. DS ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org