Problems with SSL via Proxy

Mohammed Rakhada (morakhad) morakhad at cisco.com
Thu Sep 22 10:00:20 UTC 2011


Thanks Dmitry

I will try this out now and give you my feedback.

Regards,

Mohammed Rakhada

-----Original Message-----
From: Dmitry Kurochkin [mailto:dmitry.kurochkin at measurement-factory.com]
Sent: Thu 22/09/2011 10:40
To: Mohammed Rakhada (morakhad); users
Subject: Re: Problems with SSL via Proxy
 
Hi Mohammed.

On Wed, 21 Sep 2011 20:45:48 +0100, Mohammed Rakhada <morakhad at cisco.com> wrote:
> Hello,
> 
> I am having trouble trying to use Web Polygraph with a Proxy.
> 
> I seem to have tracked it down to Web Polygraph not sending a Host
> Header with the request and so the Proxy rejects the connections.
> 
> I have captured the network traffic during this to see what is happening
> and I can see that for a request sent from my browser the Host Header is
> sent but not when a request comes from Web Polygraph.
> 

This is a bug indeed.  Polygraph never sends a Host header in CONNECT
requests, though RFC 2616 requires the client to send a Host header in any
HTTP/1.1 request.  Apparently, many proxies ignore the missing Host
header and use the URI.

Please try the attached patch and let me know if it helps.

Regards,
  Dmitry

> From Web Polygraph to Proxy:
> 
> CONNECT 192.168.29.104:443 HTTP/1.1
> Proxy-Connection: close
> 
> From Browser to Proxy:
> 
> CONNECT 192.168.29.104:443 HTTP/1.1
> User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-GB; rv:1.9.2.22) Gecko/20110905 Ubuntu/10.04 (lucid) Firefox/3.6.22
> Proxy-Connection: keep-alive
> Host: 192.168.29.104
> 
> Here is an extract from my polygraph.pg file so you can see what I am
> trying to do. Is there some configuration missing? Been stuck on this
> problem for a while, originally had a problem trying to just run basic
> SSL tests. When going direct from Client to Server (no proxy involved),
> web-polygraph runs fine. If you require any further information please
> do let me know.
> 
> I am running v 4.4.0.
> 
> SslWrap wrap = {
> 	protocols = [ "SSLv3", "TLSv1" ];
> 	root_certificate = "/opt/home/user/CA-priv+pub.pem";
> 	ciphers = [ "ALL:HIGH: !SSLv2: !aNULL: !AES128-SHA: !AES256-SHA:": 100% ];
>     	rsa_key_sizes = [ 512bit, 1024bit, 2048bit ];
> 	ssl_config_file = "/opt/home/user/myssl.conf";
>     	session_resumption = 40%;
>     	session_cache = 100;
> };
> 
> 
> DnsResolver dr = {
>     servers = [ '127.0.0.1:53' ];
>     timeout = 5sec;
> };
> 
> 
> Server PlainServer = {
>         kind = "HTTP";
>         contents = [ cntJPG: 26%, cntGIF: 28%, cntPNG: 9%, cntPDF: 0.05%,
>                 cntZIP: 0.22%, cntMalware, cntEXE: 0.43%, cntSWF: 1.9%,
>                 cntJavascript: 32% ];
>         direct_access = contents;
> 	addresses = [ '192.168.29.104:8080' , '192.168.29.104:80' ];
> };
> 
> Server SSL = PlainServer;
> 
> SSL = {
> 	kind = "HTTPS";
> 	addresses = [ '192.168.29.104:443' ];
> 	ssl_wraps = [ wrap ];
> };
> 
> Robot R = {
>         kind = "robot";
>         pop_model = { pop_distr = popUnif(); };
>         recurrence = 15% ;
>         req_rate = 1/sec;
> 	ssl_wraps = [ wrap ]; 
> 	origins = [ PlainServer.addresses, SSL.addresses ];
>          http_proxies = [ '192.168.111.42:8080' ];
> 	addresses = [ '192.168.29.101' ** 200 , '192.168.29.103' ** 5 ,
> 		'192.168.29.105' ** 2 , '192.168.29.107' ** 200 ,
> 		'192.168.29.109' ** 200 , '192.168.29.111' ** 200 ,
> 		'192.168.29.113' ** 200 , '192.168.29.115' ** 200 ];
> };
> 
> use (hostnames);
> use (SSL,PlainServer,R);
> 
> _______________________________________________
> Users mailing list
> Users at web-polygraph.org
> http://www.web-polygraph.org/mailman/listinfo/users
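
The Host header check discussed in this thread, applied to the two captured CONNECT requests, as an added example that is not part of the original messages and is not Web Polygraph or proxy code. The function names, the CRLF line endings and the constructed MISMATCH request are assumptions; the Host-versus-target comparison goes one step beyond the missing-header case reported here.

```python
# Added example, not Web Polygraph or proxy code; CRLF line endings are assumed.

def parse_head(raw: bytes):
    """Split a request head into (method, target, version, headers)."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    method, target, version = lines[0].split(" ", 2)
    headers = []
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"malformed header line: {line!r}")
        headers.append((name.strip().lower(), value.strip()))
    return method, target, version, headers

def host_only(authority: str) -> str:
    """Drop an optional :port; leaves bracketed IPv6 literals intact."""
    host, sep, port = authority.rpartition(":")
    if sep and port.isdigit() and not authority.endswith("]"):
        return host.lower()
    return authority.lower()

def check_host(raw: bytes):
    """Return findings; an empty list means the Host checks pass."""
    method, target, version, headers = parse_head(raw)
    hosts = [v for n, v in headers if n == "host"]
    findings = []
    if version == "HTTP/1.1" and not hosts:
        findings.append("missing Host header")
    if len(hosts) > 1:
        findings.append("multiple Host headers")
    if method == "CONNECT" and len(hosts) == 1:
        # Compare host names only: the browser request omits the port in Host.
        if host_only(hosts[0]) != host_only(target):
            findings.append("Host does not match CONNECT target")
    return findings

POLYGRAPH = b"CONNECT 192.168.29.104:443 HTTP/1.1\r\nProxy-Connection: close\r\n\r\n"
BROWSER = (b"CONNECT 192.168.29.104:443 HTTP/1.1\r\n"
           b"User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-GB; rv:1.9.2.22) "
           b"Gecko/20110905 Ubuntu/10.04 (lucid) Firefox/3.6.22\r\n"
           b"Proxy-Connection: keep-alive\r\n"
           b"Host: 192.168.29.104\r\n\r\n")
# Constructed sample (not from the thread): Host disagrees with the target.
MISMATCH = b"CONNECT 192.168.29.104:443 HTTP/1.1\r\nHost: proxy-test.example\r\n\r\n"

if __name__ == "__main__":
    for name, req in [("polygraph", POLYGRAPH), ("browser", BROWSER), ("mismatch", MISMATCH)]:
        print(name, check_host(req) or "ok")
```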
