dlundquist / sniproxy

Proxies incoming HTTP and TLS connections based on the hostname contained in the initial request of the TCP session.
BSD 2-Clause "Simplified" License

ERR_SSL_VERSION_OR_CIPHER_MISMATCH #360

Open mokitoo opened 4 years ago

mokitoo commented 4 years ago

Sometimes this error is reported when I enter some specific websites proxied by sniproxy:

ERR_SSL_VERSION_OR_CIPHER_MISMATCH


I have followed the advice from #300:

Set sniproxy's resolver to mode ipv4_only

but the same error above still comes out.

Both my friend and I have done some tests: we both use Chrome in incognito mode to exclude other effects (cookies etc.), and we use different networks and the same VPS proxy to a specific website; my friend gets the error above while I can visit that website normally.

mokitoo commented 4 years ago

It's quite strange: this issue got resolved after I restarted sniproxy again. I still cannot figure out the reason.

OhmegaStar commented 4 years ago

I think I'm able to create the issue on demand: my Exchange server returns the same error when going through sniproxy; when going direct, the TLS is good.

I can see that sniproxy is using IPv6 internally in my domain, so I'm trying to set the ipv4_only resolver mode.

Direct request: echo | openssl s_client -host nosni.contoso.com -port 443:

...
subject=CN = nosni.contoso.com
issuer=C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA
Server Temp Key: ECDH, P-256, 256 bits
SSL handshake has read 3527 bytes and written 450 bytes
Verification: OK
New, TLSv1.2, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 3072 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES128-GCM-SHA256
...

Through sniproxy: echo | openssl s_client -host sni.contoso.com -port 443:

CONNECTED(00000005)
140554009338304:error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:../ssl/record/rec_layer_s3.c:1528:SSL alert number 40
no peer certificate available
No client certificate CA names sent
SSL handshake has read 7 bytes and written 320 bytes
Verification: OK
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)

--

Let me know if you need help with more data.

I'm running sniproxy from the apt package on Ubuntu Server 20.04; openssl is run from another Ubuntu server on v18.

Br,

Henrik

shirakun commented 2 years ago

Hi, I encounter the same problem.

echo | openssl s_client -host linetv.tw -port 443
CONNECTED(00000005)
140319170957760:error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:../ssl/record/rec_layer_s3.c:1528:SSL alert number 40
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 311 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---

But other domains proxied through sniproxy work fine. Restarting sniproxy still doesn't fix the problem.

In addition, I have 2 other servers; when proxying the same domain (using the exact same version and configuration file), only one of the servers will work.
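The "read 7 bytes" in the captures above is a complete TLS record: a 5-byte record header followed by a 2-byte alert body (level, description), which is how openssl arrives at "SSL alert number 40". The decoder below is an added example for checking what a server or proxy actually answered with; it is not part of this thread or of sniproxy, and the two sample byte strings are constructed (the ServerHello one is a truncated, structure-only placeholder).

```python
import struct

# TLS record content types (RFC 5246 section 6.2.1)
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}
ALERT_LEVELS = {1: "warning", 2: "fatal"}
# Alert descriptions most often seen when debugging an SNI proxy (RFC 5246 / RFC 6066)
ALERT_DESCRIPTIONS = {0: "close_notify", 40: "handshake_failure", 70: "protocol_version",
                      80: "internal_error", 112: "unrecognized_name"}
HANDSHAKE_TYPES = {1: "client_hello", 2: "server_hello"}


def parse_first_record(data: bytes) -> dict:
    """Decode the first TLS record a server (or proxy) sends back to a client."""
    if len(data) < 5:
        raise ValueError("short record header")
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    body = data[5:5 + length]
    if len(body) < length:
        raise ValueError("truncated record body")
    result = {
        "type": CONTENT_TYPES.get(ctype, f"unknown({ctype})"),
        "record_version": f"{major}.{minor}",
        "length": length,
        "wire_bytes": 5 + length,  # what openssl reports as "SSL handshake has read N bytes"
    }
    if ctype == 21 and length >= 2:
        level, desc = body[0], body[1]
        result.update(level=ALERT_LEVELS.get(level, str(level)),
                      description=ALERT_DESCRIPTIONS.get(desc, f"unknown({desc})"),
                      alert_number=desc)
    elif ctype == 22 and length >= 4:
        # First handshake byte is the handshake message type
        result["handshake"] = HANDSHAKE_TYPES.get(body[0], f"unknown({body[0]})")
    return result


# Constructed sample: the 7-byte reply from the reports above,
# an alert record with level fatal (2) and description handshake_failure (40 = 0x28).
ALERT_40 = bytes.fromhex("15 03 03 00 02 02 28")
# Constructed sample: record header of a healthy ServerHello (handshake type 2), body truncated.
SERVER_HELLO = bytes.fromhex("16 03 03 00 04 02 00 00 00")

if __name__ == "__main__":
    for sample in (ALERT_40, SERVER_HELLO):
        print(parse_first_record(sample))
```

Feed it the first bytes captured on the wire (for example from a pcap of the failing connection) to tell a fatal alert from the backend apart from a connection the proxy itself closed.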

mokitoo commented 2 years ago


It might be useful to try a force restart (kill -9 pid & service sniproxy start) rather than a restart.