On Thu, Jun 13, 2002 at 06:05:34PM +0200, Kambez Sadeq via RT wrote: > Any idea why web browsers such as MSIE and Opera work okay with the server? > I'm guessing that these browsers ignore invalid records.
No, the server (actually a broken proxy to a real server apparently) does not send invalid records under certain conditions. I used s_client to send the following lines and it worked: >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> GET / HTTP/1.1 Host: ebmx.extra.daimlerchrysler.com <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< But when faced with inappropriate "Host" lines, the server behaves erratically. I can connect to it using Netscape, but if I tunnel through localhost (so that the real target host is not named in "Host") I get plaintext error messages; see the following partial connection transcript (the ">>>" lines are an SSL encrypted HTTP request [so you can't read anything], the <<<" lines are the server's response, which is sent in cleartext). >>> 000114 17 03 00 01 26 42 fc 09 da 38 85 b8 60 98 ea b1 ....&B...8..`... >>> 000124 be 49 13 66 71 42 ab 11 b9 25 df 47 f1 d9 69 7c .I.fqB...%.G..i| >>> 000134 a6 f2 72 a0 2e e2 7c 0a 2b 91 a8 e5 6b 77 ef 95 ..r...|.+...kw.. >>> 000144 fe 64 e2 e3 db a6 12 4b 8c 96 ed c4 f9 16 2b 05 .d.....K......+. >>> 000154 9a 4d d6 59 2a f9 cf 68 7d a6 04 ba 87 bd 83 f4 .M.Y*..h}....... >>> 000164 24 16 e9 71 f0 b9 b6 b8 16 e9 16 24 5c c5 a6 8b $..q.......$\... >>> 000174 81 84 14 77 28 4e 4b eb a4 94 13 52 76 c1 5b 39 ...w(NK....Rv.[9 >>> 000184 8e bc 96 6f fa 1c ca 4e ee ec 69 a6 85 7c 7d 6e ...o...N..i..|}n >>> 000194 73 a5 54 8a de 9c 82 2d 9e 25 82 4a 46 3e 06 79 s.T....-.%.JF>.y >>> 0001a4 0c cc 8b 1f c0 9f 5c 95 40 e7 51 b6 d2 38 75 b7 ......\.@.Q..8u. >>> 0001b4 68 91 60 f1 f8 1a c3 d1 97 13 c6 63 28 37 93 65 h.`........c(7.e >>> 0001c4 aa b4 f2 d1 49 6b 5f cf 66 e1 40 cc 66 01 b1 44 ....Ik_.f.@.f..D >>> 0001d4 4e 24 2b 04 23 26 2e bf a1 ff 57 6c 2a 52 01 68 N$+.#&....Wl*R.h >>> 0001e4 3e 99 b7 1b 5e 7b c3 6d 72 6a ce 3e 89 98 9f 38 >...^{.mrj.>...8 >>> 0001f4 17 6d 5a dd 3a f7 52 cd 9b cc 5c a4 a4 83 02 a9 .mZ.:.R...\..... >>> 000204 50 36 32 b2 44 11 f9 45 b7 c7 d8 5f 9d 6c 24 e6 P62.D..E..._.l$. >>> 000214 22 58 9a 01 58 ba 2b a8 f7 d0 ca 78 a8 2b cc d4 "X..X.+....x.+.. >>> 000224 29 75 fd 24 38 1d c6 30 df b5 f0 48 5d cd d2 01 )u.$8..0...H]... >>> 000234 51 21 cf d8 99 ac 6b 3e 1b 66 90 Q!....k>.f. <<< 000c63 48 54 54 50 2f 31 2e 30 20 35 30 30 20 45 72 72 HTTP/1.0 500 Err <<< 000c73 6f 72 20 66 72 6f 6d 20 70 72 6f 78 79 0d 0a 4d or from proxy..M <<< 000c83 69 6d 65 2d 76 65 72 73 69 6f 6e 3a 20 31 2e 30 ime-version: 1.0 <<< 000c93 0d 0a 50 72 6f 78 79 2d 61 67 65 6e 74 3a 20 4e ..Proxy-agent: N <<< 000ca3 65 74 73 63 61 70 65 2d 50 72 6f 78 79 2f 33 2e etscape-Proxy/3. <<< 000cb3 35 33 0d 0a 43 6f 6e 74 65 6e 74 2d 74 79 70 65 53..Content-type <<< 000cc3 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 0d 0a 3c : text/html....< <<< 000cd3 48 54 4d 4c 3e 0a 3c 48 45 41 44 3e 3c 54 49 54 HTML>.<HEAD><TIT <<< 000ce3 4c 45 3e 45 72 72 6f 72 3c 2f 54 49 54 4c 45 3e LE>Error</TITLE> <<< 000cf3 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 3e 0a 3c </HEAD>.<BODY>.< <<< 000d03 48 31 3e 45 72 72 6f 72 3c 2f 48 31 3e 0a 3c 42 H1>Error</H1>.<B <<< 000d13 4c 4f 43 4b 51 55 4f 54 45 3e 3c 42 3e 0a 3c 48 LOCKQUOTE><B>.<H <<< 000d23 52 20 53 49 5a 45 3d 34 3e 3c 50 3e 0a 54 68 65 R SIZE=4><P>.The <<< 000d33 20 72 65 71 75 65 73 74 65 64 20 69 74 65 6d 20 requested item <<< 000d43 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 6c 6f 61 could not be loa <<< 000d53 64 65 64 20 62 79 20 74 68 65 20 70 72 6f 78 79 ded by the proxy <<< 000d63 2e 3c 50 3e 0a 54 68 69 73 20 4c 6f 63 61 74 69 .<P>.This Locati <<< 000d73 6f 6e 20 28 55 52 4c 29 20 69 73 20 6e 6f 74 20 on (URL) is not <<< 000d83 72 65 63 6f 67 6e 69 7a 65 64 3a 0a 20 20 66 69 recognized:. fi <<< 000d93 6c 65 3a 2f 0a 0a 43 68 65 63 6b 20 74 68 65 20 le:/..Check the <<< 000da3 4c 6f 63 61 74 69 6f 6e 20 61 6e 64 20 74 72 79 Location and try <<< 000db3 20 61 67 61 69 6e 2e 3c 50 3e 0a 0a 3c 48 52 20 again.<P>..<HR <<< 000dc3 53 49 5a 45 3d 34 3e 0a 3c 2f 42 3e 3c 2f 42 4c SIZE=4>.</B></BL <<< 000dd3 4f 43 4b 51 55 4f 54 45 3e 0a 0a 3c 50 3e 0a 3c OCKQUOTE>..<P>.< <<< 000de3 41 44 44 52 45 53 53 3e 50 72 6f 78 79 20 73 65 ADDRESS>Proxy se <<< 000df3 72 76 65 72 20 61 74 20 6f 64 73 70 6e 70 72 34 rver at odspnpr4 <<< 000e03 2d 68 6d 65 30 2e 65 78 74 72 61 2e 64 61 69 6d -hme0.extra.daim <<< 000e13 6c 65 72 63 68 72 79 73 6c 65 72 2e 63 6f 6d 20 lerchrysler.com <<< 000e23 6f 6e 20 70 6f 72 74 20 34 34 33 3c 2f 41 44 44 on port 443</ADD <<< 000e33 52 45 53 53 3e 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 RESS>.</BODY></H <<< 000e43 54 4d 4c 3e 0a TML>. -- Bodo Möller <[EMAIL PROTECTED]> PGP http://www.informatik.tu-darmstadt.de/TI/Mitarbeiter/moeller/0x36d2c658.html * TU Darmstadt, Theoretische Informatik, Alexanderstr. 10, D-64283 Darmstadt * Tel. +49-6151-16-6628, Fax +49-6151-16-6036 ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]