[GH-ISSUE #270] [BUG] Investigate TLS wrong version error #267

Closed
opened 2026-03-03 19:16:56 +03:00 by kerem · 1 comment
Owner

Originally created by @NghiaTranUIT on GitHub (Sep 3, 2019).
Original GitHub issue: https://github.com/ProxymanApp/Proxyman/issues/270

🐶 Brief

Some users report that then bug happens when doing SSL handshake with Local docker HTTPS server, which use self-signed certificate. Detail conversation and logs in Gitter.

Preparing request to https://xx.xx.xx.2/rest/sample/submit2
Using libcurl/7.54.0 LibreSSL/2.6.5 zlib/1.2.11 nghttp2/1.24.1
Current time is 2019-09-02T08:21:21.203Z
Disable timeout
Enable automatic URL encoding
Disable SSL validation
Enable cookie sending with jar of 0 cookies
Enable network proxy for https:
Hostname 127.0.0.1 was found in DNS cache
Trying 127.0.0.1...
TCP_NODELAY set
Connected to 127.0.0.1 (127.0.0.1) port 8082 (#25)
Establish HTTP proxy tunnel to .1.*.*:443
CONNECT 10.1.128.2:443 HTTP/1.1
Host: .1.*.2:443
User-Agent: insomnia/6.6.2
Proxy-Connection: Keep-Alive
< HTTP/1.1 200 Connection Established
Proxy replied OK to CONNECT request
ALPN, offering http/1.1
Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
successfully set certificate verify locations:
CAfile: /etc/ssl/cert.pem
CApath: none
TLSv1.2 (OUT), TLS handshake, Client hello (1):
error:1400410B:SSL routines:CONNECT_CR_SRVR_HELLO:wrong version number # <- Bug here
stopped the pause stream!
Closing connection 25

👑 Criteria

  • Able to intercept HTTPS request in local https server.
Originally created by @NghiaTranUIT on GitHub (Sep 3, 2019). Original GitHub issue: https://github.com/ProxymanApp/Proxyman/issues/270 ## 🐶 Brief Some users report that then bug happens when doing SSL handshake with Local docker HTTPS server, which use self-signed certificate. Detail conversation and logs in Gitter. - https://www.johnmackenzie.co.uk/post/creating-self-signed-ssl-certificates-for-docker-and-nginx/ ``` Preparing request to https://xx.xx.xx.2/rest/sample/submit2 Using libcurl/7.54.0 LibreSSL/2.6.5 zlib/1.2.11 nghttp2/1.24.1 Current time is 2019-09-02T08:21:21.203Z Disable timeout Enable automatic URL encoding Disable SSL validation Enable cookie sending with jar of 0 cookies Enable network proxy for https: Hostname 127.0.0.1 was found in DNS cache Trying 127.0.0.1... TCP_NODELAY set Connected to 127.0.0.1 (127.0.0.1) port 8082 (#25) Establish HTTP proxy tunnel to .1.*.*:443 CONNECT 10.1.128.2:443 HTTP/1.1 Host: .1.*.2:443 User-Agent: insomnia/6.6.2 Proxy-Connection: Keep-Alive < HTTP/1.1 200 Connection Established Proxy replied OK to CONNECT request ALPN, offering http/1.1 Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH successfully set certificate verify locations: CAfile: /etc/ssl/cert.pem CApath: none TLSv1.2 (OUT), TLS handshake, Client hello (1): error:1400410B:SSL routines:CONNECT_CR_SRVR_HELLO:wrong version number # <- Bug here stopped the pause stream! Closing connection 25 ``` ## 👑 Criteria - [ ] Able to intercept HTTPS request in local https server.
kerem 2026-03-03 19:16:56 +03:00
  • closed this issue
  • added the
    bug
    label
Author
Owner

@NghiaTranUIT commented on GitHub (Sep 5, 2019):

🤯 Changelogs

  • Don't add altName in on-the-fly certificate if it's missing
<!-- gh-comment-id:528176968 --> @NghiaTranUIT commented on GitHub (Sep 5, 2019): ## 🤯 Changelogs - [x] Don't add altName in on-the-fly certificate if it's missing
Sign in to join this conversation.
No milestone
No project
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/Proxyman#267
No description provided.