
List:       openssl-users
Subject:    SSL Tunneling over HTTP - unidentified TCP data
From:       "Hansknecht, Deborah A" <dahansk () sandia ! gov>
Date:       2000-05-31 19:11:00

I am trying to understand the HTTP CONNECT method. I've found no
documentation that really gets down to the nitty-gritty details (I know it's
got to be out there somewhere) and have resorted to sniffing packets. But
the browser is sending a packet with TCP data that I cannot identify.

In the scenario I'm trying the browser is configured to use an HTTPS proxy
(Apache 1.3.12, mod-ssl 2.6.4, openssl-0.9.4) and issues an HTTPS request
for a page. The packets I see are

(three way TCP handshake omitted)
browser --> proxy:
(tcpdata)	CONNECT .............

		proxy----> content-server:
		three-way TCP handshake

browser <-- proxy
(tcpdata)	HTTP/1.0 200 Connection established.....


browser --> proxy (here's the one I don't understand - I was expecting
"client hello")
(tcpdata)	80 46 01 03 00 00 2d 00 00 00   ...and more for 72 bytes..

		proxy --> content-server
		(forwards same packet to server, as expected)

		proxy <-- content-server
(tcpdata)	16 03 00 04 ca 02	...and more for 1231 bytes...
		this is I believe the server hello
			protocol 22 - SSL handshake
			version 3.0
			length 04ca (1226 - 5 byte header)
			type 2 - server hello

browser <-- proxy
		same server hello message 	

When I connect directly to the server (and don't use a proxy) I see packets
containing the SSL handshake starting with a client hello. I have a book, SSL
and TLS Essentials (by Stephen Thomas), that I'm using to parse what I think
are the SSL packets, but I can't seem to make sense of this packet that the
browser is sending after receiving the Connection Established message. Is
this packet a client hello? Can an SSL handshake start with a server hello?
Can anyone point me in the right direction?  Thanks in advance.



Deborah Hansknecht
Sandia National Laboratories
dahansk@sandia.gov
505 844-6532 

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majordomo@openssl.org
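
Added example, not part of the original message: the two payloads quoted above, read under both record layouts. An SSLv3 record has a 5-byte header (type, version, length); an SSLv2-format record has a 2-byte header with the high bit set, and the SSL 3.0 and TLS 1.0 specifications allow a client to send its first hello in that format while offering version 3.0. The function and field names are made up for this example.

```python
import struct

# Handshake message types inside an SSLv3/TLS handshake record.
SSL3_HANDSHAKE = {1: "client_hello", 2: "server_hello"}

def classify_first_record(data: bytes) -> dict:
    """Read the start of a TCP payload as an SSLv3/TLS or SSLv2-format record."""
    if len(data) < 5:
        raise ValueError("need at least 5 bytes to classify")
    # SSLv3/TLS layout: content type (1), version (2), length (2), then body.
    if data[0] == 22 and data[1] == 3:
        length = struct.unpack(">H", data[3:5])[0]
        info = {"format": "SSLv3/TLS record", "version": (data[1], data[2]),
                "body_bytes": length, "total_bytes": length + 5}
        if len(data) > 5:
            info["message"] = SSL3_HANDSHAKE.get(data[5], f"type {data[5]}")
        return info
    # SSLv2 layout: high bit set means a 2-byte header with a 15-bit length.
    # (The 3-byte padded header form, high bit clear, is not handled here.)
    if data[0] & 0x80:
        length = ((data[0] & 0x7F) << 8) | data[1]
        info = {"format": "SSLv2 record", "body_bytes": length,
                "total_bytes": length + 2}
        if data[2] == 1 and len(data) >= 9:  # 1 = CLIENT-HELLO
            major, minor, cs_len, sid_len = struct.unpack(">BBHH", data[3:9])
            info.update(message="client_hello", version=(major, minor),
                        cipher_specs=cs_len // 3,  # 3 bytes per cipher spec
                        session_id_bytes=sid_len,
                        # body = 9 fixed bytes + cipher specs + session id + challenge
                        challenge_bytes=length - 9 - cs_len - sid_len)
        return info
    return {"format": "unknown"}

# The leading bytes quoted in the message above (nothing beyond them is assumed).
BROWSER_BYTES = bytes.fromhex("80 46 01 03 00 00 2d 00 00 00")
SERVER_BYTES = bytes.fromhex("16 03 00 04 ca 02")

if __name__ == "__main__":
    for name, payload in (("browser", BROWSER_BYTES), ("server", SERVER_BYTES)):
        print(name, classify_first_record(payload))
```

The totals it computes, 72 and 1231 bytes, agree with the packet sizes reported in the trace.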
