TLS handshake failures


Anand Sridharan
Hi,
We are trying to add TLS support to the SOCKS proxy with curl. As part of that, we are trying to complete the initial TLS handshake.
We are trying to run openssl s_server on the loopback interface to verify the changes.
We tried two methods; both result in a fatal error alert from the server.

Method 1 - use the existing APIs used for the HTTP proxy, but remove any conditions specific to the HTTPS proxy (Wireshark: lo_sslversion.pcap)
    • SSL upgrade of the existing socket using the curl APIs curl_ssl_connect_nonblocking and curl_ssl_init_proxy for the TLS handshake
    • Fatal alert: protocol version
Method 2 - use a new SSL context init, add the certificates/key manually, and do a simple ssl_connect on sockfd (Wireshark: inverse_server_client_l0.pcap)
    • SSL_set_fd(ssl, sockfd) and SSL_connect(ssl) are used.
    • Fatal alert: illegal parameter
Commands used:
server: openssl s_server --accept 1080 -cert certificate1.pem -key key1.pem
client: curl -v -g -k --proxy socks5://127.0.0.1:1080  https://www.google.com

Could you please help understand this error?

--
Thanks,

Anand.S

Attachments: lo_sslversion.pcap (11K), inverse_server_client_l0.pcap (13K)
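
For reading captures like the two named in the post, the following is an added example (not part of the original message and not curl or OpenSSL code) that splits a byte stream into plaintext TLS records, decodes unencrypted alert records such as protocol_version and illegal_parameter, and tells a TLS record apart from a SOCKS5 greeting. The function names and sample bytes are constructed for illustration and are not taken from the attached pcap files.

```python
import struct

# Subset of TLS AlertDescription values (RFC 5246 / RFC 8446).
ALERT_DESCRIPTIONS = {0: "close_notify", 10: "unexpected_message",
                      40: "handshake_failure", 47: "illegal_parameter",
                      50: "decode_error", 70: "protocol_version"}
ALERT_LEVELS = {1: "warning", 2: "fatal"}
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}


def classify_first_bytes(data: bytes) -> str:
    """Say what protocol the first bytes of a TCP payload look like."""
    if len(data) >= 3 and data[0] in CONTENT_TYPES and data[1] == 0x03:
        return "tls_record"
    # SOCKS5 greeting: VER=5, NMETHODS, then exactly NMETHODS method bytes.
    if len(data) >= 2 and data[0] == 0x05 and len(data) == 2 + data[1]:
        return "socks5_greeting"
    return "unknown"


def parse_records(stream: bytes):
    """Split a byte stream into TLS records; decode plaintext alert records."""
    out, pos = [], 0
    while pos + 5 <= len(stream):
        ctype, version, length = struct.unpack_from("!BHH", stream, pos)
        body = stream[pos + 5:pos + 5 + length]
        if ctype not in CONTENT_TYPES or len(body) < length:
            break  # not TLS, or the capture is truncated
        rec = {"type": CONTENT_TYPES[ctype], "version": f"0x{version:04x}"}
        if ctype == 21 and length == 2:  # unencrypted alert: level, description
            rec["level"] = ALERT_LEVELS.get(body[0], str(body[0]))
            rec["description"] = ALERT_DESCRIPTIONS.get(body[1], str(body[1]))
        out.append(rec)
        pos += 5 + length
    return out


# Constructed sample bytes (hypothetical, not from the attached captures).
SAMPLE_ALERT_PV = bytes.fromhex("15030300020246")  # fatal, protocol_version (70)
SAMPLE_ALERT_IP = bytes.fromhex("1503030002022f")  # fatal, illegal_parameter (47)
SAMPLE_SOCKS5 = bytes.fromhex("050100")            # VER=5, one method, no-auth

if __name__ == "__main__":
    for blob in (SAMPLE_ALERT_PV, SAMPLE_ALERT_IP, SAMPLE_SOCKS5):
        print(classify_first_bytes(blob), parse_records(blob))
```

The payload bytes of each TCP segment can be copied out of Wireshark as a hex stream and passed through bytes.fromhex() to feed these functions.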