trafficserver-users mailing list archives

From Lei Sun <lei....@gmail.com>
Subject https issue
Date Wed, 02 Dec 2020 23:40:35 GMT
Hi Kit,

I'm trying to set up the trafficserver as an intermediary forward proxy.

For example,
1) The HTTP client sends a request to trafficserver.
2) trafficserver then passes this request to the downstream proxy.
3) The downstream proxy then routes this request to the origin site.
4) The origin site sends data back to the downstream proxy.
5) The downstream proxy sends data back to trafficserver.
6) trafficserver sends data back to the HTTP client.

I was able to make the entire request chain work if the origin site serves
content directly through HTTP.

> curl --proxy *http*://127.0.0.1:8080 *http*://httpbin.org/get?answer=4a -v


However, I ran into issues when I was trying to request content served
over HTTPS.

> $ curl --proxy *http*://127.0.0.1:8080 *https*://httpbin.org/get?answer=4a -v
> *   Trying 127.0.0.1...
> * TCP_NODELAY set
> * Connected to 127.0.0.1 (127.0.0.1) port 8080 (#0)
> * Establish HTTP proxy tunnel to httpbin.org:443
> > CONNECT httpbin.org:443 HTTP/1.1
> > Host: httpbin.org:443
> > User-Agent: curl/7.54.0
> > Proxy-Connection: Keep-Alive
> >
> < HTTP/1.1 200 OK
> < Date: Wed, 02 Dec 2020 20:53:31 GMT
> < Proxy-Connection: keep-alive
> < Server: ATS/10.0.0
> <
> * Proxy replied OK to CONNECT request
> * ALPN, offering h2
> * ALPN, offering http/1.1
> * Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
> * successfully set certificate verify locations:
> *   CAfile: /etc/ssl/cert.pem
>   CApath: none
> * *TLSv1.2 (OUT), TLS handshake, Client hello (1):*
> * error:1400410B:SSL routines:CONNECT_CR_SRVR_HELLO:wrong version number
> * stopped the pause stream!
> * Closing connection 0
> curl: (35) error:1400410B:SSL routines:CONNECT_CR_SRVR_HELLO:wrong version number
>

From the error message, it seems that curl was able to connect to the
origin server, and even attempted to send the initial TLS handshake, but
somehow the handshake wasn't completed.

Here are my questions.
1) What's likely the cause?
2) How can I fix it?

Thank you!
Lei
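
Added example, not part of the original message: OpenSSL's `wrong version number` typically means the bytes read where a TLS record header was expected did not carry a TLS version, so a useful check is to look at what arrives right after the proxy's `200` reply to CONNECT. The sketch below takes the client-side byte stream (for instance reassembled from a packet capture) and classifies it; the function names and the follow-up byte samples are constructed for illustration.

```python
import struct

# TLS record content types (RFC 8446, section 5.1)
RECORD_TYPES = {20: "change_cipher_spec", 21: "alert",
                22: "handshake", 23: "application_data"}

def classify_record(data: bytes) -> str:
    """Say what the first bytes after the CONNECT reply look like."""
    if len(data) < 5:
        return "incomplete"
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    # A TLS record header is: type, version 3.x, 16-bit length (max 2^14 + 2048).
    if ctype in RECORD_TYPES and major == 3 and minor <= 4 and length <= 16384 + 2048:
        return "tls-" + RECORD_TYPES[ctype]
    if data.startswith(b"HTTP/"):
        return "plaintext-http"
    return "not-tls"

def analyze_tunnel(stream: bytes):
    """Split the proxy's CONNECT reply from the tunnelled bytes that follow it.

    Returns (connect_status, verdict_on_first_tunnelled_bytes).
    """
    head, sep, rest = stream.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("CONNECT reply headers are not terminated")
    status_line = head.split(b"\r\n", 1)[0].decode("ascii", "replace")
    parts = status_line.split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        raise ValueError("malformed status line: %r" % status_line)
    return int(parts[1]), classify_record(rest)

# CONNECT reply headers as shown in the curl trace above.
CONNECT_OK = (b"HTTP/1.1 200 OK\r\nDate: Wed, 02 Dec 2020 20:53:31 GMT\r\n"
              b"Proxy-Connection: keep-alive\r\nServer: ATS/10.0.0\r\n\r\n")
# Constructed follow-up bytes (not from the original message):
SERVER_HELLO = bytes([22, 3, 3, 0, 90]) + b"\x02" * 90   # handshake record, TLS 1.2
PLAIN_REPLY = b"HTTP/1.1 400 Bad Request\r\n\r\n"         # a hop answering in clear text

if __name__ == "__main__":
    for label, tail in (("tls", SERVER_HELLO), ("plain", PLAIN_REPLY), ("empty", b"")):
        print(label, analyze_tunnel(CONNECT_OK + tail))
```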
