dlundquist / sniproxy

Proxies incoming HTTP and TLS connections based on the hostname contained in the initial request of the TCP session.
BSD 2-Clause "Simplified" License

inappropriate fallback error when handshaking #140

Open kenji21 opened 9 years ago

kenji21 commented 9 years ago

Can't connect to a (locally working) nginx:

curl -vv https://git.company.com
* Adding handle: conn: 0x7f96d3003000
* Adding handle: send: 0
* Adding handle: recv: 0
* Curl_addHandleToPipeline: length: 1
* - Conn 0 (0x7f96d3003000) send_pipe: 1, recv_pipe: 0
* About to connect() to gitlab.openium.fr port 443 (#0)
*   Trying se.ver.i.p...
* Connected to gitlab.openium.fr (se.ver.i.p) port 443 (#0)
* Server aborted the SSL handshake
* Closing connection 0
curl: (35) Server aborted the SSL handshake

nginx error log indicates:

2014/11/16 11:20:51 [crit] 1839#0: *335 SSL_do_handshake() failed (SSL: error:140A1175:SSL routines:SSL_BYTES_TO_CIPHER_LIST:inappropriate fallback) while SSL handshaking, client: 192.168.0.252, server: 0.0.0.0:443

Using curl without going through sniproxy of course works.

kenji21 commented 9 years ago

Related OpenSSL commit: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=cf6da05304d554aaa885151451aa4ecaa977e601