I tried this config:
sslVersion = all
options = NO_SSLv2

[myproxy]
client = yes
accept = 127.0.0.1:8080
connect = 192.168.10.111:443

And got this:

2016.07.22 02:10:01 LOG5[main]: Configuration successful
2016.07.22 02:10:01 LOG7[main]: Listening file descriptor created (FD=932)
2016.07.22 02:10:01 LOG7[main]: Option SO_EXCLUSIVEADDRUSE set on accept socket
2016.07.22 02:10:01 LOG7[main]: Service [secproxy] (FD=932) bound to 127.0.0.1:8080
2016.07.22 02:10:01 LOG7[main]: Signal pipe is empty
2016.07.22 02:10:50 LOG7[main]: Found 1 ready file descriptor(s)
2016.07.22 02:10:50 LOG7[main]: FD=516 ifds=r-x ofds=---
2016.07.22 02:10:50 LOG7[main]: Service [secproxy] accepted (FD=972) from 127.0.0.1:22000
2016.07.22 02:10:50 LOG7[main]: Creating a new thread
2016.07.22 02:10:50 LOG7[main]: New thread created
2016.07.22 02:10:50 LOG7[7]: Service [secproxy] started
2016.07.22 02:10:50 LOG7[7]: Option TCP_NODELAY set on local socket
2016.07.22 02:10:50 LOG5[7]: Service [secproxy] accepted connection from 127.0.0.1:22000
2016.07.22 02:10:50 LOG6[7]: s_connect: connecting 192.168.10.111:443
2016.07.22 02:10:50 LOG7[7]: s_connect: s_poll_wait 192.168.10.111:443: waiting 10 seconds
2016.07.22 02:10:51 LOG5[7]: s_connect: connected 192.168.10.111:443
2016.07.22 02:10:51 LOG5[7]: Service [secproxy] connected remote server from 10.10.14.16:22001
2016.07.22 02:10:51 LOG7[7]: Option TCP_NODELAY set on remote socket
2016.07.22 02:10:51 LOG7[7]: Remote descriptor (FD=936) initialized
2016.07.22 02:10:51 LOG6[7]: SNI: sending servername: 192.168.10.111
2016.07.22 02:10:51 LOG6[7]: Peer certificate not required
2016.07.22 02:10:51 LOG7[7]: SSL state (connect): before/connect initialization
2016.07.22 02:10:51 LOG7[7]: SSL state (connect): SSLv2/v3 write client hello A
2016.07.22 02:10:51 LOG7[7]: SSL state (connect): SSLv3 read server hello A
2016.07.22 02:10:51 LOG6[7]: Certificate verification disabled
2016.07.22 02:10:51 LOG6[7]: Certificate verification disabled
2016.07.22 02:10:51 LOG7[7]: SSL state (connect): SSLv3 read server certificate A
2016.07.22 02:10:51 LOG7[7]: SSL state (connect): SSLv3 read server key exchange A
2016.07.22 02:10:51 LOG6[7]: Client certificate not requested
2016.07.22 02:10:51 LOG7[7]: SSL state (connect): SSLv3 read server done A
2016.07.22 02:10:51 LOG7[7]: SSL state (connect): SSLv3 write client key exchange A
2016.07.22 02:10:51 LOG7[7]: SSL state (connect): SSLv3 write change cipher spec A
2016.07.22 02:10:51 LOG7[7]: SSL state (connect): SSLv3 write finished A
2016.07.22 02:10:51 LOG7[7]: SSL state (connect): SSLv3 flush data
2016.07.22 02:10:51 LOG7[7]: SSL state (connect): SSLv3 read server session ticket A
2016.07.22 02:10:51 LOG7[7]: SSL state (connect): SSLv3 read finished A
2016.07.22 02:10:51 LOG7[7]: 1 client connect(s) requested
2016.07.22 02:10:51 LOG7[7]: 1 client connect(s) succeeded
2016.07.22 02:10:51 LOG7[7]: 0 client renegotiation(s) requested
2016.07.22 02:10:51 LOG7[7]: 0 session reuse(s)
2016.07.22 02:10:51 LOG6[7]: SSL connected: new session negotiated
2016.07.22 02:10:51 LOG7[7]: Peer certificate was cached (1895 bytes)
2016.07.22 02:10:51 LOG6[7]: Negotiated TLSv1.2 ciphersuite ECDHE-RSA-AES256-GCM-SHA384 (256-bit encryption)
2016.07.22 02:10:51 LOG7[7]: Compression: null, expansion: null
2016.07.22 02:10:51 LOG6[7]: SSL socket closed (SSL_read)
2016.07.22 02:10:51 LOG7[7]: Sent socket write shutdown
2016.07.22 02:10:51 LOG5[7]: Connection closed: 517 byte(s) sent to SSL, 2428 byte(s) sent to socket
2016.07.22 02:10:51 LOG7[7]: Remote descriptor (FD=936) closed
2016.07.22 02:10:51 LOG7[7]: Local descriptor (FD=972) closed
2016.07.22 02:10:51 LOG7[7]: Service [secproxy] finished (0 left)
2016.07.22 02:10:51 LOG4[7]: Possible memory leak at .\crypto\asn1\tasn_new.c:179: 58151 allocations
2016.07.22 02:10:51 LOG4[7]: Possible memory leak at .\crypto\asn1\asn1_lib.c:408: 55033 allocations
2016.07.22 02:10:51 LOG4[7]: Possible memory leak at .\crypto\asn1\a_object.c:346: 45704 allocations
2016.07.22 02:10:51 LOG4[7]: Possible memory leak at .\crypto\asn1\a_object.c:315: 45704 allocations
2016.07.22 02:10:51 LOG4[7]: Possible memory leak at .\crypto\asn1\asn1_lib.c:372: 42431 allocations

22.07.2016, 04:53, "Kirill Franko" <[email protected]>:
> Hi guys!
> I have an SSL-proxy server which sends me the error "ssl handshake failure"
> in the browser and other proxy-tools.
> But when I use ncat or the openssl tool the proxy works fine.
>
> When I'm trying to use remoteSSLproxy.com directly as an HTTPS proxy (in
> Firefox for example) I'm getting an error:
>
> HTTP/1.0 500 handshakefailed
> Via: 1.0 192.168.10.111 (Web Gateway)
> Connection: Close
> Content-Type: text/html
> Cache-Control: no-cache
> Content-Length: 1944
>
> But when I'm connecting with openssl (openssl s_client -connect
> remoteSSLproxy.com:443 -tls1) or ncat (ncat --ssl remoteSSLproxy.com:443)
> the proxy works fine.
>
> Please help me to make a working tunnel.
> I think I need a tunnel like the one below:
> localhost->localhostSSLtls1:443->remoteSSLproxy.com:443
>
> Working examples:
> openssl s_client -connect remoteSSLproxy.com:443 -tls1
> openssl s_client -connect remoteSSLproxy.com:443 -cipher HIGH
> openssl s_client -connect remoteSSLproxy.com:443 -cipher MEDIUM
>
> Not working:
> $ openssl s_client -connect remoteSSLproxy.com:443 -cipher LOW
> CONNECTED(00000003)
> 17269:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:/BuildRoot/Library/Caches/com.apple.xbs/Sources/OpenSSL098/OpenSSL098-59.40.2/src/ssl/s23_clnt.c:593:
>
> Not working:
> $ openssl s_client -connect remoteSSLproxy.com:443 -ssl2
> CONNECTED(00000003)
> 17261:error:140EC11B:SSL routines:SSL2_READ_INTERNAL:illegal padding:/BuildRoot/Library/Caches/com.apple.xbs/Sources/OpenSSL098/OpenSSL098-59.40.2/src/ssl/s2_pkt.c:243:
>
> Not working:
> $ openssl s_client -connect remoteSSLproxy.com:443 -ssl3
> CONNECTED(00000003)
> 17262:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:/BuildRoot/Library/Caches/com.apple.xbs/Sources/OpenSSL098/OpenSSL098-59.40.2/src/ssl/s3_pkt.c:1145:SSL alert number 40
> 17262:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:/BuildRoot/Library/Caches/com.apple.xbs/Sources/OpenSSL098/OpenSSL098-59.40.2/src/ssl/s3_pkt.c:566:
>
> Thanks!
>
> _______________________________________________
> stunnel-users mailing list
> [email protected]
> https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
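
Added example, not part of the original message: a small parser for the stunnel log format shown above that summarises each worker thread's connection (negotiated protocol and cipher suite, bytes relayed, whether the peer certificate went unverified, any error-level lines). The sample log is constructed; thread 8 and its error line are invented, and one connection per thread id is assumed.

```python
import re

# Constructed sample in the format of the stunnel log quoted above; the second
# connection (thread 8) and its error line are invented for illustration.
SAMPLE_LOG = """\
2016.07.22 02:10:50 LOG5[7]: Service [secproxy] accepted connection from 127.0.0.1:22000
2016.07.22 02:10:51 LOG6[7]: Peer certificate not required
2016.07.22 02:10:51 LOG6[7]: Certificate verification disabled
2016.07.22 02:10:51 LOG6[7]: Negotiated TLSv1.2 ciphersuite ECDHE-RSA-AES256-GCM-SHA384 (256-bit encryption)
2016.07.22 02:10:51 LOG5[7]: Connection closed: 517 byte(s) sent to SSL, 2428 byte(s) sent to socket
2016.07.22 02:11:02 LOG5[8]: Service [secproxy] accepted connection from 127.0.0.1:22002
2016.07.22 02:11:02 LOG3[8]: SSL_connect: 14094410: error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure
"""

LINE = re.compile(r"^\S+ \S+ LOG(\d)\[(\w+)\]: (.*)$")
ACCEPTED = re.compile(r"Service \[([^\]]+)\] accepted connection from (\S+)")
NEGOTIATED = re.compile(r"Negotiated (\S+) ciphersuite (\S+)")
CLOSED = re.compile(
    r"Connection (?:closed|reset): (\d+) byte\(s\) sent to SSL, (\d+) byte\(s\) sent to socket")
UNVERIFIED = ("Certificate verification disabled", "Peer certificate not required")


def summarize(log_text):
    """Return {thread_id: summary} for every worker thread in a stunnel log."""
    conns = {}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m or m.group(2) == "main":
            continue  # skip wrapped fragments and the listener thread
        level, tid, msg = int(m.group(1)), m.group(2), m.group(3)
        c = conns.setdefault(tid, {"service": None, "client": None,
                                   "protocol": None, "cipher": None,
                                   "peer_unverified": False,
                                   "bytes": None, "errors": []})
        if (a := ACCEPTED.match(msg)):
            c["service"], c["client"] = a.groups()
        elif (n := NEGOTIATED.match(msg)):
            c["protocol"], c["cipher"] = n.groups()
        elif (b := CLOSED.match(msg)):
            c["bytes"] = (int(b.group(1)), int(b.group(2)))  # (to SSL, to socket)
        elif msg in UNVERIFIED:
            c["peer_unverified"] = True
        if level <= 3:  # LOG3 and below are errors; LOG4 is only a warning
            c["errors"].append(msg)
    return conns


if __name__ == "__main__":
    for tid, c in summarize(SAMPLE_LOG).items():
        state = "handshake OK" if c["protocol"] else "no TLS session"
        print(tid, c["service"], state, c["protocol"], c["cipher"],
              "UNVERIFIED PEER" if c["peer_unverified"] else "", c["errors"])
```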
