Delphi TIdSSLIOHandlerSocketOpenSSL - how to configure CONNECT parameters

I watch the CONNECT request in Fiddler:

CONNECT site.name:443 HTTP/1.1
Pragma: no-cache
Connection: keep-alive
Host: site.name
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko

A SSLv3-compatible ClientHello handshake was found. Fiddler extracted the parameters below.

Version: 3.3 (TLS/1.2)
Random: 36 77 2F 45 AE FD E6 98 98 7B 0A 46 DC 90 2B C0 59 75 8E 99 58 6A 30 06 52 AD DF AF DF FB 65 A6
"Time": 13.10.2006 15:23:34
SessionID: empty
Extensions: 
    server_name site.name
    ec_point_formats    uncompressed [0x0], ansiX962_compressed_prime [0x1], ansiX962_compressed_char2 [0x2]
    supported_groups    secp256r1 [0x17], secp521r1 [0x19], unknown [0x1c], unknown [0x1b], secp384r1 [0x18], unknown [0x1a], secp256k1 [0x16], sect571r1 [0xe], sect571k1 [0xd], sect409k1 [0xb], sect409r1 [0xc], sect283k1 [0x9], sect283r1 [0xa]
    SessionTicket   empty
    signature_algs  rsa_pkcs1_sha512, dsa_sha512, ecdsa_secp521r1_sha512, rsa_pkcs1_sha384, dsa_sha384, ecdsa_secp384r1_sha384, rsa_pkcs1_sha256, dsa_sha256, ecdsa_secp256r1_sha256, rsa_sha224, dsa_sha224, ecdsa_sha224, rsa_pkcs1_sha1, dsa_sha1, ecdsa_sha1
    heartbeat_rfc_6520  01
...

How can I change the Extensions section? The section for System.Net.HttpClient.THTTPClient is different:

Extensions: 
    server_name site.name
    supported_groups    secp384r1 [0x18], secp256r1 [0x17]
    ec_point_formats    uncompressed [0x0]
    signature_algs  rsa_pkcs1_sha512, ecdsa_secp521r1_sha512, rsa_pkcs1_sha256, rsa_pkcs1_sha384, rsa_pkcs1_sha1, ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, ecdsa_sha1, dsa_sha1
    extended_master_secret  empty
    renegotiation_info  00

Is it possible to change the supported_groups, ec_point_formats or signature_algs lists?
Or to add the extended_master_secret value to the extensions? I need the requests to match.
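
To see exactly which ClientHello fields differ between the two captures above, the following added example (not part of the original question or answer) parses the two Extensions sections as Fiddler printed them and reports the differences. The function and constant names are hypothetical.

```python
# Added example: the two "Extensions" sections as shown in the question.
INDY_EXT = """
server_name site.name
ec_point_formats    uncompressed [0x0], ansiX962_compressed_prime [0x1], ansiX962_compressed_char2 [0x2]
supported_groups    secp256r1 [0x17], secp521r1 [0x19], unknown [0x1c], unknown [0x1b], secp384r1 [0x18], unknown [0x1a], secp256k1 [0x16], sect571r1 [0xe], sect571k1 [0xd], sect409k1 [0xb], sect409r1 [0xc], sect283k1 [0x9], sect283r1 [0xa]
SessionTicket   empty
signature_algs  rsa_pkcs1_sha512, dsa_sha512, ecdsa_secp521r1_sha512, rsa_pkcs1_sha384, dsa_sha384, ecdsa_secp384r1_sha384, rsa_pkcs1_sha256, dsa_sha256, ecdsa_secp256r1_sha256, rsa_sha224, dsa_sha224, ecdsa_sha224, rsa_pkcs1_sha1, dsa_sha1, ecdsa_sha1
heartbeat_rfc_6520  01
"""
HTTPCLIENT_EXT = """
server_name site.name
supported_groups    secp384r1 [0x18], secp256r1 [0x17]
ec_point_formats    uncompressed [0x0]
signature_algs  rsa_pkcs1_sha512, ecdsa_secp521r1_sha512, rsa_pkcs1_sha256, rsa_pkcs1_sha384, rsa_pkcs1_sha1, ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, ecdsa_sha1, dsa_sha1
extended_master_secret  empty
renegotiation_info  00
"""

def parse_extensions(text):
    """Return {extension name: [values]} in the order the extensions were sent."""
    exts = {}
    for line in text.strip().splitlines():
        parts = line.split(None, 1)          # name, then the rest of the line
        if not parts:
            continue
        rest = parts[1] if len(parts) > 1 else ""
        exts[parts[0]] = [v.strip() for v in rest.split(",") if v.strip()]
    return exts

def diff_extensions(a, b):
    """Report extensions present on one side only, ordering, and list contents."""
    report = {
        "only_a": [n for n in a if n not in b],
        "only_b": [n for n in b if n not in a],
        # Extension order is part of what a capture tool (or a server) sees.
        "order_differs": [n for n in a if n in b] != [n for n in b if n in a],
        "lists": {},
    }
    for name in a:
        if name in b and a[name] != b[name]:
            report["lists"][name] = {
                "only_a": [v for v in a[name] if v not in b[name]],
                "only_b": [v for v in b[name] if v not in a[name]],
            }
    return report

if __name__ == "__main__":
    result = diff_extensions(parse_extensions(INDY_EXT), parse_extensions(HTTPCLIENT_EXT))
    for key, value in result.items():
        print(key, "->", value)
```
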



Solution 1:[1]

Is that happening with your code acting as client or server? From the message you provided, I guess that's client-side code.

You need to connect to the server with a domain name, and the HTTP message shows that you wish to connect to "site.name", which is not a real domain name, so you could not connect successfully.

That's the primary problem, and if you try using SSLv3 to connect to an HTTPS server, you will need a client certificate. But I cannot be sure from the article that that's your requirement.

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 Dennies Chang