Article delegate-en/822 of [1-5169] on the server localhost:119
  upper oldest olders older1 this newer1 newers latest
search
[Top/Up] [oldest] - [Older+chunk] - [Newer+chunk] - [newest + Check]
[Reference:<_A820@delegate-en.ML_>]
Newsgroups: mail-lists.delegate-en

[DeleGate-En] Re: SSLway on NT not working for me..
06 Jun 2000 04:21:49 GMT ysato@etl.go.jp (Yutaka Sato)


On 06/02/00(00:04) you David Akdikmen <pgqbqbdyi-bfkmicbeir3r.ml@ml.delegate.org> wrote
in <_A820@delegate-en.ML_>
 |## SSLway[340](localhost) start## SSLway[340](localhost) accept failed
 |324:error:1407609A:SSL routines:SSL23_GET_CLIENT_HELLO:https proxy
 |request:.\ssl\s23_srvr.c:326:

This message shows your SSLway is working.
The problem is, as shown in the message, caused at SSLeay(0.9.0b)'s
source code "ssl/s23_srvr.c:326" which will be executed when a client
sends a "CONNECT ..." message in ASCII text on a SSL connection,
instead of expected binary CLIENT_HELLO message of SSL protocol.

 |I get this error from IE5 and Netscape 4.7 clients when I try to connect to
 |https://a_local_http_server/ using the DeleGate proxy.

Those clients seem to be sending "CONNECT ..." message because you
are specifying your DeleGate as a "HTTPS(security) proxy" of them.
So called "security proxy" is just a HTTP proxy server which talks
with clients in bare HTTP, then tunnels HTTPS protocol without any
SSL interpretation.

 |dg6_1_11.exe -p443 SERVER=https FCL=sslway MOUNT="/* http://a_http_server/*"

This DeleGate is running as an origin server which talks with
clients in HTTPS/SSL protocol.   Thus you can't use this DeleGate
as a "security proxy".

Cheers,
Yutaka
--
Yutaka Sato <ysato@etl.go.jp> http://www.etl.go.jp/~ysato/   @ @ 
Computer Science Division, Electrotechnical Laboratory      ( - )
1-1-4 Umezono, Tsukuba, Ibaraki, 305-8568 Japan            _<   >_

  admin search upper oldest olders older1 this newer1 newers latest
[Top/Up] [oldest] - [Older+chunk] - [Newer+chunk] - [newest + Check]
@_@V