I'm trying to use mitmproxy to talk to a very old server.
$ mitmproxy --version
Mitmproxy: 6.0.2
Python: 3.10.12
OpenSSL: OpenSSL 3.0.2 15 Mar 2022
Platform: Linux-6.5.0-14-generic-x86_64-with-glibc2.35
I can connect to the server like this (ssh -L ... in the background):
curl --tls-max 1.1 --ciphers DEFAULT@SECLEVEL=0 -v -k https://localhost:4433
But I can't get my browser to view that (Chrome and FF just refuse to negotiate with the server).
I thought I could use mitmproxy to 'upgrade' the security on the fly, but apparently not...
mitmweb --ssl-insecure, then
curl --proxy 127.0.0.1:8080 -k https://localhost:4433
gives:
<html>
<head>
<title>502 Bad Gateway</title>
</head>
<body>
<h1>502 Bad Gateway</h1>
<p>TlsProtocolException('Cannot establish TLS with localhost:4433 (sni: localhost): TlsException("SSL handshake error: Error([(\'SSL routines\', \'\', \'unsupported protocol\')])")')</p>
</body>
</html>
EDIT
Setting OPENSSL_CONF like this finally worked (debugged using the same config with curl):
openssl_conf = default_conf
[default_conf]
ssl_conf = ssl_sect
[ssl_sect]
system_default = system_default_sect
[system_default_sect]
MinProtocol = TLSv1
CipherString = DEFAULT:@SECLEVEL=0
then calling OPENSSL_CONF=$PWD/ssl.conf mitmproxy
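
Added example (not part of the original post): a small Python audit that follows the openssl_conf -> ssl_conf -> system_default indirection used in the ssl.conf above and reports what the file actually enables, so a relaxed config like this stays scoped to one process and is easy to spot in review. The function names and the TLSv1.2 / SECLEVEL 2 thresholds are assumptions chosen for the example, and the sample input is constructed from the post's config.

```python
import re

# Constructed sample: the ssl.conf contents from the post above.
SAMPLE_CONF = """openssl_conf = default_conf
[default_conf]
ssl_conf = ssl_sect
[ssl_sect]
system_default = system_default_sect
[system_default_sect]
MinProtocol = TLSv1
CipherString = DEFAULT:@SECLEVEL=0
"""
PROTO_RANK = {"SSLv3": 0, "TLSv1": 1, "TLSv1.1": 2, "TLSv1.2": 3, "TLSv1.3": 4}

def parse_openssl_conf(text):
    """Parse the INI-like file; keys before any [section] go in section ''."""
    sections, current = {"": {}}, ""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        header = re.fullmatch(r"\[\s*(.+?)\s*\]", line)
        if header:
            current = header.group(1)
            sections.setdefault(current, {})
        elif "=" in line:
            key, value = (p.strip() for p in line.split("=", 1))
            sections[current][key] = value
    return sections

def effective_tls_defaults(text):
    """Follow openssl_conf -> ssl_conf -> system_default; None if a link is missing."""
    secs = parse_openssl_conf(text)
    name = secs[""].get("openssl_conf")
    for key in ("ssl_conf", "system_default"):
        name = secs.get(name, {}).get(key)
    return secs.get(name)

def audit(text):
    """Return findings for settings below the assumed TLSv1.2 / SECLEVEL 2 baseline."""
    eff = effective_tls_defaults(text)
    if eff is None:
        return ["section chain broken: TLS settings are never applied"]
    findings = []
    proto = eff.get("MinProtocol")
    if PROTO_RANK.get(proto, 99) < PROTO_RANK["TLSv1.2"]:
        findings.append(f"MinProtocol={proto} allows protocols below TLSv1.2")
    level = re.search(r"@SECLEVEL=(\d)", eff.get("CipherString", ""))
    if level and int(level.group(1)) < 2:
        findings.append(f"SECLEVEL={level.group(1)} is below the level 2 baseline")
    return findings
```

Running audit() on the file before exporting OPENSSL_CONF also catches a misspelled section name, which otherwise leaves the relaxed settings unapplied.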