OpenSSL client through proxy

OpenSSL client through proxy

Andrey P.
Hello.

I have to connect to my OpenSSL server through proxy server. How can I establish this connection?

Thanks.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]

No Shared Cipher

Parag Jhavery
Hi Friends,

I am facing some difficulties with OpenSSL implementation and am stuck at
handshake failure.
I have created a normal .exe (which acts as a server) which opens port 36003
and loads the required certificate and private key and waits for any
incoming connection.
Once I receive connection request from the client and connection is accepted
using the function BIO_do_accept, the handshake process fails. I am using the
function BIO_do_handshake() for this.
The reason for failure I get is "No shared cipher".
I found a function which allows us to set the list of cipher suites that we
authorize our SSL object to use. The function is
SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str) where ctx is the
context and *str is the list of cipher suites for e.g. str could be
"ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH".
I found that the client uses RC4_MD5 & RC4_SHA cipher suites. How to ensure
that my SSL context object uses the same cipher suite.
What string should I pass to SSL_CTX_set_cipher_list??? For e.g.
SSL_CTX_set_cipher_list(ctx, "MD5!SHA") ???
 
Do let me know, if I have not been clear on the above issue

Thanks,
Parag



Re: No Shared Cipher

Marek.Marcola
Hello,
> I am facing some difficulties with OpenSSL implementation and am stuck
> at handshake failure.
> I have created a normal .exe (which acts as a server) which opens port
> 36003 and loads the required certificate and private key and waits for
> any incoming connection.
> Once I receive connection request from the client and connection is
> accepted using the function BIO_do_accept, the handshake process fails.
> I am using the function BIO_do_handshake() for this.
> The reason for failure I get is "No shared cipher".
> I found a function which allows us to set the list of cipher suites that
> we authorize our SSL object to use. The function is
> SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str) where ctx is the
> context and *str is the list of cipher suites for e.g. str could be
> "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH".
> I found that the client uses RC4_MD5 & RC4_SHA cipher suites. How to
> ensure that my SSL context object uses the same cipher suite.
> What string should I pass to SSL_CTX_set_cipher_list??? For e.g.
> SSL_CTX_set_cipher_list(ctx, "MD5!SHA") ???

Server enforces allowable ciphers. You set at server side ciphers
that you trust and client must support one of your ciphers or you
disconnect.
You may just add using SSL_CTX_set_cipher_list() supported by server
ciphers.
To list/test cipher strings you may use the openssl command.
For example to list what ALL means you may execute:
  $ openssl ciphers -v ALL
or to test what "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH" means:
  $ openssl ciphers -v 'ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH'
and next you may build your own ciphers list.

Best regards,
--
Marek Marcola <[hidden email]>


Re: OpenSSL client through proxy

Marek.Marcola
In reply to this post by Andrey P.
Hello,
> I have to connect to my OpenSSL server through proxy server. How can I
> establish this connection?

Establish tcp connection through proxy (connect, socks5, transparent,
reverse or any other)
and next run SSL on this tcp connection.

Best regards,
--
Marek Marcola <[hidden email]>


Re: OpenSSL client through proxy

Andrey P.
In reply to this post by Andrey P.


26.02.08, 23:23, [hidden email]:

> Hello,
> > I have to connect to my OpenSSL server through proxy server. How can I
> > establish this connection?
> Establish tcp connection through proxy (connect, socks5, transparent,
> reverse or any other)
> and next run SSL on this tcp connection.
> Best regards,
> --
> Marek Marcola <[hidden email]>

Thanks for the answer. I'm a newbie in TCP/SSL programming. Would you suggest any library or function names to use "connect" or "transparent". May be it is supported by OpenSSL?.. or another C/C++ library.

Thanks a lot.

RE: OpenSSL client through proxy

JoelKatz

> 26.02.08, 23:23, [hidden email]:
>
> > Hello,
> > > I have to connect to my OpenSSL server through proxy server.
> > > How can I establish this connection?
> > Establish tcp connection through proxy (connect, socks5, transparent,
> > reverse or any other)
> > and next run SSL on this tcp connection.
> > Best regards,
> > --
> > Marek Marcola <[hidden email]>
>
> Thanks for the answer. I'm a newbie in TCP/SSL programming. Would
> you suggest any library or function names to use "connect" or
> "transparent". May be it is supported by OpenSSL?.. or another
> C/C++ library.

Could you give us some kind of idea what it is you are trying to do so that
we can give you more precise instructions? Is the proxy being used by the
server or the client? What kind of proxy? Do you have a proxy or need a
proxy? If you have a proxy, what kind of proxy? If you need a proxy, why?

You are straining everyone's ESP here.

DS



Re: OpenSSL client through proxy

Andrey P.
In reply to this post by Andrey P.
Excuse me that my question is too much general.
The situation is like this: I have a client computer in a local network that is behind proxy server so it can not see a SSLServer directly. The SSL server is in Internet area. The type of proxy server is HTTP proxy. The task is a SSL data communication between local client and internet SSL-server. SSL port at the server is opened (without proxy). Of course, I'm using OpenSSL library.
The SSL client trying to connect using "BIO_set_conn_hostname(bio, server_host_port)". Thus, I need to find appropriate functions in the OpenSSL library to setup proxy configuration for the client... or find other solution.


27.02.08, 12:32, "David Schwartz" <[hidden email]>:

> > 26.02.08, 23:23, [hidden email]:
> >
> > > Hello,
> > > > I have to connect to my OpenSSL server through proxy server.
> > > > How can I establish this connection?
> > > Establish tcp connection through proxy (connect, socks5, transparent,
> > > reverse or any other)
> > > and next run SSL on this tcp connection.
> > > Best regards,
> > > --
> > > Marek Marcola <[hidden email]>
> >
> > Thanks for the answer. I'm a newbie in TCP/SSL programming. Would
> > you suggest any library or function names to use "connect" or
> > "transparent". May be it is supported by OpenSSL?.. or another
> > C/C++ library.
> Could you give us some kind of idea what it is you are trying to do so that
> we can give you more precise instructions? Is the proxy being used by the
> server or the client? What kind of proxy? Do you have a proxy or need a
> proxy? If you have a proxy, what kind of proxy? If you need a proxy, why?
> You are straining everyone's ESP here.
> DS

RE: OpenSSL client through proxy

Shaw Graham George

You need to open a socket to the proxy server and send it an HTTP
CONNECT request.

If the proxy server sends back an OK reply, then it has opened a socket
to the proxy.  After that the proxy acts as a port forwarder, so you can
continue your SSL dialog with the proxy as if it was the SSL server.

You should be able to Google the details.

G.


-----Original Message-----
From: [hidden email]
[mailto:[hidden email]] On Behalf Of Andrey Petrashenko
Sent: 27 February 2008 12:32
To: [hidden email]
Subject: Re: OpenSSL client through proxy

Excuse me that my question is too much general.
The situation is like this: I have a client computer in a local network
that is behind proxy server so it can not see a SSLServer directly. The
SSL server is in Internet area. The type of proxy server is HTTP proxy.
The task is a SSL data communication between local client and internet
SSL-server. SSL port at the server is opened (without proxy). Of course,
I'm using OpenSSL library.
The SSL client trying to connect using "BIO_set_conn_hostname(bio,
server_host_port)". Thus, I need to find appropriate functions in the
OpenSSL library to setup proxy configuration for the client... or find
other solution.


27.02.08, 12:32, "David Schwartz" <[hidden email]>:

> > 26.02.08, 23:23, [hidden email]:
> >
> > > Hello,
> > > > I have to connect to my OpenSSL server through proxy server.
> > > > How can I establish this connection?
> > > Establish tcp connection through proxy (connect, socks5,
> > > transparent, reverse or any other) and next run SSL on this tcp
> > > connection.
> > > Best regards,
> > > --
> > > Marek Marcola <[hidden email]>
> >
> > Thanks for the answer. I'm a newbie in TCP/SSL programming. Would
> > you suggest any library or function names to use "connect" or
> > "transparent". May be it is supported by OpenSSL?.. or another C/C++
> > library.
> Could you give us some kind of idea what it is you are trying to do so
> that we can give you more precise instructions? Is the proxy being
> used by the server or the client? What kind of proxy? Do you have a
> proxy or need a proxy? If you have a proxy, what kind of proxy? If you
> need a proxy, why?
> You are straining everyone's ESP here.
> DS
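
The HTTP CONNECT step described in the last reply, as an added example that is not part of the original thread: it builds the request a client sends to the proxy and decides from the proxy's reply whether the tunnel is open. The function names and the host `ssl.example.test` are hypothetical; socket I/O and the OpenSSL calls are left to the caller.

```c
#include <stdio.h>
#include <string.h>

/* Build the CONNECT request for an HTTP proxy. Returns its length, or -1 if
 * it does not fit or the host is empty / contains whitespace or CR/LF
 * (which would let a caller-supplied name inject extra header lines). */
int build_connect_request(char *out, size_t cap, const char *host, int port)
{
    if (host[0] == '\0' || strpbrk(host, "\r\n \t") != NULL)
        return -1;
    if (port < 1 || port > 65535)
        return -1;
    int n = snprintf(out, cap,
                     "CONNECT %s:%d HTTP/1.1\r\nHost: %s:%d\r\n\r\n",
                     host, port, host, port);
    return (n < 0 || (size_t)n >= cap) ? -1 : n;
}

/* Offset just past the blank line that ends the proxy's reply headers, or 0
 * if the headers are still incomplete. Bytes after this offset already
 * belong to the tunnel and must be left for the SSL layer. */
size_t connect_header_len(const char *buf, size_t len)
{
    for (size_t i = 0; i + 4 <= len; i++)
        if (memcmp(buf + i, "\r\n\r\n", 4) == 0)
            return i + 4;
    return 0;
}

/* HTTP status code of a complete reply, 0 if more data must be read,
 * -1 if the reply does not start with an HTTP/1.x status line. */
int connect_status(const char *buf, size_t len)
{
    if (connect_header_len(buf, len) == 0)
        return 0;
    if (len < 12 || memcmp(buf, "HTTP/1.", 7) != 0 || buf[8] != ' ')
        return -1;
    for (int i = 9; i < 12; i++)
        if (buf[i] < '0' || buf[i] > '9')
            return -1;
    return (buf[9] - '0') * 100 + (buf[10] - '0') * 10 + (buf[11] - '0');
}

/* The proxy is forwarding bytes only after a 2xx reply. */
int tunnel_established(const char *buf, size_t len)
{
    int s = connect_status(buf, len);
    return s >= 200 && s < 300;
}
```

Once `tunnel_established()` returns 1, the same connected socket can be handed to OpenSSL with `SSL_set_fd()` and the handshake run with `SSL_connect()`. The certificate presented through the tunnel is the SSL server's, so it is checked against the server's name, not the proxy's.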