Comments (7)
Note first that your compiled and rtlinked OpenSSL versions do not match. You should have the same version for both.
I think the error says that the client and sslsplit could not agree on a cipher. sslsplit does not write an "SSL connected from" log for the client.
But, I wonder what the client application is here, which web browser?
from sslsplit.
I've installed it via "brew install sslsplit"
Client is embedded on ARM M3
Server side is free to test
Can it be related to a wrong CA cert?
from sslsplit.
OpenSSL 1.1.0+ versions have removed weak (e.g. export grade) ciphers. See this link and search for the word "removed". I think the ciphers on OpenSSL 1.1.1h/j are stronger than the ones the embedded device supports, hence they cannot agree on it.
I doubt you can upgrade the ssl engine on the embedded device (now I wonder what its ssl engine is). Can you downgrade the OpenSSL on your mac? (I don't think weak ciphers can be enabled on OpenSSL 1.1.0+.)
Btw, it always amazes me to hear compiled and rtlinked version issues with openssl on osx.
from sslsplit.
Perhaps you can rebuild OpenSSL 1.1.1 with the enable-weak-ssl-ciphers option.
from sslsplit.
Great idea. I will try and let you know. Maybe sslsplit can improve warning messages in such cases.
from sslsplit.
I sniffed a working communication and the negotiated params were:
TLS 1.2
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 (0xc023)
/usr/local/Cellar/[email protected]/1.1.1j/bin/openssl ciphers -V |grep 0xC0.0x23
0xC0,0x23 - ECDHE-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(128) Mac=SHA256
So I believe it is quite decent.
How will sslsplit behave when the client does not accept the CA?
from sslsplit.
The openssl alert must be something like "bad certificate", "unknown CA", or "certificate unknown", if the client complains about the CA cert used for forging by sslsplit. See the OpenSSL docs.
from sslsplit.
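An added example, not part of the thread and not sslsplit code: a Python check that reads the cipher suites out of a captured ClientHello and compares them with what the local OpenSSL can negotiate. It goes one step beyond the `openssl ciphers -V` lookup above by also filtering on the suite's `Au=` field, because an ECDSA-authenticated suite such as 0xC023 can only be selected when the server side presents a certificate with an ECDSA key. The function names, the `cert_key` parameter and the sample ClientHello are assumptions constructed for illustration.

```python
import ssl
import struct

def offered_suites(record: bytes) -> list:
    """Cipher suite IDs, in client preference order, from a raw ClientHello record."""
    if len(record) < 44 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS handshake record carrying a ClientHello")
    pos = 5 + 4 + 2 + 32              # record hdr, handshake hdr, version, random
    pos += 1 + record[pos]            # skip session_id
    if pos + 2 > len(record):
        raise ValueError("truncated before cipher_suites")
    (n,) = struct.unpack_from("!H", record, pos)
    pos += 2
    if n % 2 or pos + n > len(record):
        raise ValueError("malformed cipher_suites vector")
    return [s for (s,) in struct.iter_unpack("!H", record[pos:pos + n])]

def local_suites(cipher_string: str = "ALL:@SECLEVEL=0") -> dict:
    """Suites the OpenSSL linked into this Python can negotiate, keyed by 16-bit ID."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_string)
    return {c["id"] & 0xFFFF: c for c in ctx.get_ciphers()}

def diagnose(record: bytes, local: dict, cert_key: str) -> dict:
    """Split the offer into: all offered / known locally / usable with this cert key."""
    offered = [s for s in offered_suites(record) if s != 0x00FF]  # drop renegotiation SCSV
    known = [s for s in offered if s in local]
    usable = [s for s in known
              if local[s]["auth"] in ("auth-any", "auth-" + cert_key)]
    return {"offered": offered, "known": known, "usable": usable}

def sample_hello(suites) -> bytes:
    """Constructed minimal TLS 1.2 ClientHello (zero random, no extensions)."""
    ids = b"".join(struct.pack("!H", s) for s in suites)
    body = (b"\x03\x03" + bytes(32) + b"\x00"
            + struct.pack("!H", len(ids)) + ids + b"\x01\x00")
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x03" + struct.pack("!H", len(hs)) + hs

if __name__ == "__main__":
    hello = sample_hello([0xC023, 0x00FF])   # the suite sniffed above, plus the SCSV
    local = local_suites()
    for key in ("rsa", "ecdsa"):             # hypothetical server certificate key types
        r = diagnose(hello, local, key)
        names = [local[s]["name"] for s in r["usable"]]
        print("cert key", key, "known:", [hex(s) for s in r["known"]],
              "usable:", names or "none -> no shared cipher")
```

The check looks only at suite IDs and authentication type; an empty `usable` list predicts a `no shared cipher` failure, while a non-empty one does not rule out a mismatch in protocol version, curves or signature algorithms.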