Closed imcotton closed 6 years ago
What does the log say? What rule are you using? Have you tried to use an “all” rule?
On 2 Jul 2018, at 12:50, Cotton Hou notifications@github.com wrote:
This started happening recently; it seems to have to do with SNI in SSL?
SpechtLite is listening on port 7788 for the HTTP proxy and on 7789 for the SOCKS5 proxy; another regular SOCKS5 proxy is listening on port 8000 for comparison.
SpechtLite http proxy:
curl -vI -x http://localhost:7788 https://ajax.googleapis.com
Rebuilt URL to: https://ajax.googleapis.com/
Trying ::1...
TCP_NODELAY set
Connected to localhost (::1) port 7788 (#0)
Establish HTTP proxy tunnel to ajax.googleapis.com:443
> CONNECT ajax.googleapis.com:443 HTTP/1.1
> Host: ajax.googleapis.com:443
> User-Agent: curl/7.54.0
> Proxy-Connection: Keep-Alive
< HTTP/1.1 200 Connection Established
<
Proxy replied OK to CONNECT request
Server aborted the SSL handshake
Closing connection 0
curl: (35) Server aborted the SSL handshake
SpechtLite socks5 proxy:
curl -vI -x socks5h://localhost:7789 https://ajax.googleapis.com
- Rebuilt URL to: https://ajax.googleapis.com/
- Trying ::1...
- TCP_NODELAY set
- SOCKS5 communication to ajax.googleapis.com:443
- SOCKS5 request granted.
- Connected to localhost (::1) port 7789 (#0)
- Server aborted the SSL handshake
- Closing connection 0
curl: (35) Server aborted the SSL handshake
Regular socks5 proxy:
curl -vI -x socks5h://localhost:8000 https://ajax.googleapis.com
- Rebuilt URL to: https://ajax.googleapis.com/
- Trying ::1...
- TCP_NODELAY set
- SOCKS5 communication to ajax.googleapis.com:443
- SOCKS5 request granted.
- Connected to localhost (::1) port 60000 (#0)
- TLS 1.2 connection using TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
- Server certificate: *.googleapis.com
- Server certificate: Google Internet Authority G3
- Server certificate: GlobalSign
> HEAD / HTTP/1.1
> Host: ajax.googleapis.com
> User-Agent: curl/7.54.0
> Accept: */*
< HTTP/1.1 302 Found
< Location: https://developers.google.com/speed/libraries/devguide
< Cache-Control: private
< Content-Type: text/html; charset=UTF-8
< X-Content-Type-Options: nosniff
< Date: Mon, 02 Jul 2018 04:28:56 GMT
< Server: sffe
< Content-Length: 251
< X-XSS-Protection: 1; mode=block
<
- Connection #0 to host localhost left intact
The log says:
Request: ajax.googleapis.com Type: SpeedAdapter Rule:
My rules are mostly from the sample in the readme file; I just changed it to only use the all rule and got the same result.
Try not to use the speed adapter.
Try not to use the speed adapter.
That did the trick, thanks a lot!
Oddly, my rules have not been changed for a long time, yet this behavior only occurred recently, and to this domain in particular.
Shall I close this issue or leave it open for further investigation (in case you might have clues in mind)?
You should check what the domain resolves to: is it a genuine address? If it's not, can you connect to it?
This domain is legit; I'm trying to get things like
https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js
which lots of 3rd-party sites have been using.
It is this site specifically that has been giving me the trouble.
Try dig ajax.googleapis.com.
dig ajax.googleapis.com
; <<>> DiG 9.8.3-P1 <<>> ajax.googleapis.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53404
;; flags: qr rd ra; QUERY: 1, ANSWER: 7, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;ajax.googleapis.com. IN A
;; ANSWER SECTION:
ajax.googleapis.com. 1041 IN CNAME googleapis.l.google.com.
googleapis.l.google.com. 300 IN A 172.217.24.10
googleapis.l.google.com. 300 IN A 216.58.200.42
googleapis.l.google.com. 300 IN A 172.217.160.74
googleapis.l.google.com. 300 IN A 216.58.200.234
googleapis.l.google.com. 300 IN A 172.217.27.138
googleapis.l.google.com. 300 IN A 172.217.160.106
;; Query time: 16 msec
;; SERVER: 192.168.11.1#53(192.168.11.1)
;; WHEN: Mon Jul 2 22:06:24 2018
;; MSG SIZE rcvd: 167
Try telnet or nc to these addresses and see if you can connect to any.
telnet ajax.googleapis.com 443
Trying 216.58.200.42...
Connected to googleapis.l.google.com.
Escape character is '^]'.
The connection has been made; it's just hard to issue a TLS handshake inside telnet, I guess.
Try pinging this address or visiting it directly in the browser without the proxy.
t=65848 [st=0] +SOCKET_ALIVE [dt=8]
--> source_dependency = 118592 (TRANSPORT_CONNECT_JOB)
t=65848 [st=0] +TCP_CONNECT [dt=4]
--> address_list = ["172.217.24.10:443","172.217.160.74:443","172.217.160.106:443"]
t=65848 [st=0] TCP_CONNECT_ATTEMPT [dt=4]
--> address = "172.217.24.10:443"
t=65852 [st=4] -TCP_CONNECT
--> source_address = "192.168.11.65:50948"
t=65853 [st=5] +SOCKET_IN_USE [dt=3]
--> source_dependency = 118591 (SSL_CONNECT_JOB)
t=65853 [st=5] +SSL_CONNECT [dt=3]
t=65853 [st=5] SSL_HANDSHAKE_MESSAGE_SENT
--> hex_encoded_bytes =
01 00 00 C6 03 03 8E F3 56 D2 CD 6F 4E A8 92 27   ........V..oN..'
6D 8D B2 53 34 2D 34 5C 68 1F A4 9E 69 D5 FE 83   m..S4-4\h...i...
9B 30 D7 C4 6C 5C 00 00 1C 9A 9A C0 2B C0 2F C0   .0..l\......+./.
2C C0 30 CC A9 CC A8 C0 13 C0 14 00 9C 00 9D 00   ,.0.............
2F 00 35 00 0A 01 00 00 81 2A 2A 00 00 FF 01 00   /.5......**.....
01 00 00 00 00 18 00 16 00 00 13 61 6A 61 78 2E   ...........ajax.
67 6F 6F 67 6C 65 61 70 69 73 2E 63 6F 6D 00 17   googleapis.com..
00 00 00 23 00 00 00 0D 00 14 00 12 04 03 08 04   ...#............
04 01 05 03 08 05 05 01 08 06 06 01 02 01 00 05   ................
00 05 01 00 00 00 00 00 12 00 00 00 10 00 0E 00   ................
0C 02 68 32 08 68 74 74 70 2F 31 2E 31 75 50 00   ..h2.http/1.1uP.
00 00 0B 00 02 01 00 00 0A 00 0A 00 08 FA FA 00   ................
1D 00 17 00 18 DA DA 00 01 00                     ..........
--> type = 1
t=65853 [st=5] SOCKET_BYTES_SENT
--> byte_count = 207
t=65856 [st=8] SOCKET_READ_ERROR
--> net_error = -101 (ERR_CONNECTION_RESET)
--> os_error = 54
t=65856 [st=8] SSL_HANDSHAKE_ERROR
--> error_lib = 33
--> error_reason = 101
--> file = "../../net/socket/socket_bio_adapter.cc"
--> line = 154
--> net_error = -101 (ERR_CONNECTION_RESET)
--> ssl_error = 1
t=65856 [st=8] -SSL_CONNECT
--> net_error = -101 (ERR_CONNECTION_RESET)
t=65856 [st=8] -SOCKET_IN_USE
t=65856 [st=8] -SOCKET_ALIVE
Without the proxy I get ERR_CONNECTION_RESET in the SSL phase for sure.
So for some reason this address is not blocked, but the firewall is still actively monitoring the domain in the TLS handshake.
There is nothing wrong with SpechtLite and you can close the issue.
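The reason a middlebox can reset this connection on the domain while TCP to the same address succeeds is visible in the ClientHello Chrome logged above: the hostname travels in cleartext in the server_name extension. As an added example (not code from the thread or from SpechtLite), this parses that exact dump and pulls out the SNI and ALPN a filter would see; the constant names are mine.

```python
import struct

# ClientHello handshake message exactly as Chrome logged it above (handshake layer
# only; the 5-byte TLS record header is not in that dump, hence 202 bytes, not 207).
CLIENT_HELLO_HEX = """
01 00 00 C6 03 03 8E F3 56 D2 CD 6F 4E A8 92 27 6D 8D B2 53 34 2D 34 5C 68 1F A4 9E 69 D5 FE 83
9B 30 D7 C4 6C 5C 00 00 1C 9A 9A C0 2B C0 2F C0 2C C0 30 CC A9 CC A8 C0 13 C0 14 00 9C 00 9D 00
2F 00 35 00 0A 01 00 00 81 2A 2A 00 00 FF 01 00 01 00 00 00 00 18 00 16 00 00 13 61 6A 61 78 2E
67 6F 6F 67 6C 65 61 70 69 73 2E 63 6F 6D 00 17 00 00 00 23 00 00 00 0D 00 14 00 12 04 03 08 04
04 01 05 03 08 05 05 01 08 06 06 01 02 01 00 05 00 05 01 00 00 00 00 00 12 00 00 00 10 00 0E 00
0C 02 68 32 08 68 74 74 70 2F 31 2E 31 75 50 00 00 00 0B 00 02 01 00 00 0A 00 0A 00 08 FA FA 00
1D 00 17 00 18 DA DA 00 01 00
"""
EXT_SERVER_NAME, EXT_ALPN = 0x0000, 0x0010   # extension type codes (IANA registry)


def parse_client_hello(msg: bytes) -> dict:
    """Walk a ClientHello (RFC 5246 7.4.1.2) and return the fields a middlebox can read."""
    if msg[0] != 0x01:
        raise ValueError("not a ClientHello handshake message")
    body = msg[4:4 + int.from_bytes(msg[1:4], "big")]
    pos = 2 + 32                                    # legacy_version + random
    pos += 1 + body[pos]                            # skip session_id
    cs_len = struct.unpack_from("!H", body, pos)[0]
    pos += 2
    suites = [struct.unpack_from("!H", body, pos + i)[0] for i in range(0, cs_len, 2)]
    pos += cs_len
    pos += 1 + body[pos]                            # skip compression_methods
    ext_end = pos + 2 + struct.unpack_from("!H", body, pos)[0]
    pos += 2
    out = {"version": body[:2].hex(), "cipher_suites": suites, "sni": None, "alpn": []}
    while pos < ext_end:
        etype, elen = struct.unpack_from("!HH", body, pos)
        data = body[pos + 4:pos + 4 + elen]
        pos += 4 + elen
        if etype == EXT_SERVER_NAME and len(data) > 5 and data[2] == 0:
            # ServerNameList: u16 list length, u8 name_type (0 = host_name), u16 length, name
            name_len = struct.unpack_from("!H", data, 3)[0]
            out["sni"] = data[5:5 + name_len].decode("ascii")   # the plaintext hostname
        elif etype == EXT_ALPN:
            p = 2                                   # ProtocolNameList: u16 length, u8-prefixed names
            while p < len(data):
                out["alpn"].append(data[p + 1:p + 1 + data[p]].decode("ascii"))
                p += 1 + data[p]
    return out


def parse_logged_hello() -> dict:
    """Parse the ClientHello captured in the net-internals log above."""
    return parse_client_hello(bytes.fromhex(CLIENT_HELLO_HEX))
```

parse_logged_hello() returns the SNI "ajax.googleapis.com" and the ALPN list ["h2", "http/1.1"], which is exactly what is readable on the wire before any encryption starts.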
Okay, thanks for helping out 👍