List: apache-modssl
Subject: SSL Tunneling over HTTP - unidentified TCP data
From: "Hansknecht, Deborah A" <dahansk () sandia ! gov>
Date: 2000-05-31 19:11:00

I am trying to understand the http CONNECT method. I've found no
documentation that really gets down to the nitty-gritty details (I know it's
got to be out there somewhere) and have resorted to sniffing packets. But
the browser is sending a packet with TCP data that I can not identify.

In the scenario I'm trying the browser is configured to use an HTTPS proxy
(Apache 1.3.12, mod-ssl 2.6.4, openssl-0.9.4) and issues an HTTPS request
for a page. The packets I see are

(three way TCP handshake omitted)

browser --> proxy:
    (tcpdata) CONNECT .............

proxy --> content-server:
    three-way TCP handshake

browser <-- proxy
    (tcpdata) HTTP/1.0 200 Connection established.....

browser --> proxy (here's the one I don't understand - I was expecting "client hello")
    (tcpdata) 80 46 01 03 00 00 2d 00 00 00 ...and more for 72 bytes..

proxy --> content-server
    (forwards same packet to server, as expected)

proxy <-- content-server
    (tcpdata) 16 03 00 04 ca 02 ...and more for 1231 bytes...
    this is I believe the server hello
        protocol 22 - SSL handshake
        version 3.0
        length 04ca (1226 - 5 byte header)
        type 2 - server hello

browser <-- proxy
    same server hello message

When I connect directly to the server (and don't use a proxy) I see packets
containing the SSL handshake starting with a client hello. I have a book SSL
and TLS Essentials (by Stephen Thomas) that I'm using to parse what I think
are the SSL packets, but I can't seem to make sense of this packet that the
browser is sending after receiving the Connection Established message. Is
this packet a client hello? Can an SSL handshake start with a server hello?
Can anyone point me in the right direction? Thanks in advance.

Deborah Hansknecht
Sandia National Laboratories
dahansk@sandia.gov
505 844-6532
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org
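
An added example, not part of the original post: a Python sketch that classifies the two byte sequences quoted above by their record framing, covering both the 5-byte SSL 3.0 record header and the 2-byte SSL 2.0 header that an SSL 2.0-compatible CLIENT-HELLO uses. The function name `describe_first_record` is hypothetical, and only the bytes quoted in the message are used.

```python
import struct

SSL3_CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                      22: "handshake", 23: "application_data"}

def describe_first_record(data: bytes) -> dict:
    """Classify the leading bytes of an SSL stream by their record framing."""
    # SSL 3.0/TLS record header: type(1) major(1) minor(1) length(2).
    if len(data) >= 5 and data[0] in SSL3_CONTENT_TYPES and data[1] == 3:
        ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
        info = {"framing": "ssl3", "content_type": SSL3_CONTENT_TYPES[ctype],
                "version": (major, minor), "length": length,
                "total_bytes": length + 5}
        if ctype == 22 and len(data) > 5:
            info["handshake_type"] = data[5]  # 1 = ClientHello, 2 = ServerHello
        return info
    # SSL 2.0 two-byte header: high bit set, low 15 bits are the length.
    if len(data) >= 3 and data[0] & 0x80:
        length = ((data[0] & 0x7F) << 8) | data[1]
        info = {"framing": "ssl2", "length": length,
                "total_bytes": length + 2, "msg_type": data[2]}
        if data[2] == 1 and len(data) >= 9:  # SSL 2.0 CLIENT-HELLO
            major, minor, ciphers, sid = struct.unpack("!BBHH", data[3:9])
            # Body = type(1) + version(2) + three length fields(6)
            #        + cipher specs + session id + challenge.
            info.update(version=(major, minor), cipher_spec_length=ciphers,
                        session_id_length=sid,
                        implied_challenge_length=length - 9 - ciphers - sid)
        return info
    return {"framing": "unknown"}

# Leading bytes exactly as quoted in the post; the rest of each packet is
# elided there and is not reconstructed here.
CLIENT_BYTES = bytes.fromhex("8046010300002d000000")
SERVER_BYTES = bytes.fromhex("16030004ca02")

if __name__ == "__main__":
    print(describe_first_record(CLIENT_BYTES))
    print(describe_first_record(SERVER_BYTES))
```

Run against the quoted bytes, the first packet decodes as a 72-byte SSL 2.0-framed CLIENT-HELLO advertising version 3.0, and the second as a 1231-byte SSL 3.0 handshake record carrying a ServerHello.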