Transparent Proxy Issue with SSL

Posted 2019-08-19 07:41

I have a RHEL5 server in a private zone. I've set up a transparent proxy for ports 80 and 443. When I try a wget on 443, I get the following:

    # wget -O- https://www.google.com
    --2013-02-14 15:16:50--  https://www.google.com/
    Resolving www.google.com... 74.125.129.147, 74.125.129.104, 74.125.129.106, ...
    Connecting to www.google.com|74.125.129.147|:443... connected.
    OpenSSL: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
    Unable to establish SSL connection.

I assume the proxy works because it's connecting. I don't know what else could be causing this.

1 answer
Fickle 薄情
#2 · 2019-08-19 08:33

This OpenSSL error indicates that wget sent the initial SSL ClientHello message, but got an unexpected response from the server (or proxy) which was not an SSL ServerHello message.

This can be because the proxy speaks plain HTTP with the client, instead of HTTPS, because of a configuration error (e.g. with squid if port 443 is redirected to a http_port instead of https_port with the transparent option), or because it does not support transparent proxying of SSL at all. To debug, you may try connecting to http://www.google.com:443/ to see what happens. To know what's going on, you might want to run tcpdump while connecting to see what the server responds with. Also check the error log of your transparent proxy.

Without the transparent proxy configuration it is hard to tell what the problem is.
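
The check the answer describes comes down to what the first bytes of the reply look like once the ClientHello has been sent. As an added example (not part of the original question or answer), this Python function classifies such bytes, for instance ones copied out of a tcpdump capture; the function name and the sample byte strings are constructed for illustration.

```python
import struct

# TLS record content types (first byte of every TLS record).
TLS_CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                     22: "handshake", 23: "application_data"}
# Typical starts of a plaintext HTTP reply or proxy error page.
HTTP_PREFIXES = (b"HTTP/1.", b"<!DOCTYPE", b"<html", b"<HTML")
MAX_RECORD_LEN = 16384 + 2048  # upper bound on a TLS record payload

def classify_first_bytes(data: bytes) -> str:
    """Classify the first bytes received after sending a ClientHello."""
    if not data:
        return "empty: peer closed or sent nothing"
    if data.startswith(HTTP_PREFIXES):
        # The proxy answered in cleartext HTTP: the "unknown protocol" case.
        status = data.split(b"\r\n", 1)[0].decode("ascii", "replace")
        return f"plain HTTP, not TLS: {status}"
    if len(data) < 5:
        return "too short to be a TLS record header"
    # Record header: type (1 byte), version major/minor (2), length (2).
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    if (ctype in TLS_CONTENT_TYPES and major == 3 and minor <= 4
            and length <= MAX_RECORD_LEN):
        kind = TLS_CONTENT_TYPES[ctype]
        if ctype == 22 and len(data) > 5 and data[5] == 2:
            kind = "handshake (ServerHello)"  # handshake message type 2
        elif ctype == 21 and len(data) >= 7:
            level = {1: "warning", 2: "fatal"}.get(data[5], "unknown")
            kind = f"alert ({level}, description {data[6]})"
        return f"TLS record: {kind}, version 3.{minor}"
    return "unknown protocol: neither TLS nor HTTP"

# Constructed sample replies (not taken from the original post).
HTTP_REPLY = b"HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\n\r\n"
SERVER_HELLO = bytes.fromhex("160303003a020000360303")  # start of a ServerHello
FATAL_ALERT = bytes.fromhex("15030100020228")           # fatal alert, code 40

if __name__ == "__main__":
    samples = [("http", HTTP_REPLY), ("hello", SERVER_HELLO),
               ("alert", FATAL_ALERT)]
    for name, sample in samples:
        print(f"{name:6} -> {classify_first_bytes(sample)}")
```

A "plain HTTP" result on port 443 matches the misconfiguration described in the answer, where the intercepted traffic lands on a listener that speaks HTTP rather than TLS.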
