Delphi TIdSSLIOHandlerSocketOpenSSL - how to configure CONNECT parameters
I watch the CONNECT request in Fiddler:
```
CONNECT site.name:443 HTTP/1.1
Pragma: no-cache
Connection: keep-alive
Host: site.name
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
A SSLv3-compatible ClientHello handshake was found. Fiddler extracted the parameters below.
Version: 3.3 (TLS/1.2)
Random: 36 77 2F 45 AE FD E6 98 98 7B 0A 46 DC 90 2B C0 59 75 8E 99 58 6A 30 06 52 AD DF AF DF FB 65 A6
"Time": 13.10.2006 15:23:34
SessionID: empty
Extensions:
server_name site.name
ec_point_formats uncompressed [0x0], ansiX962_compressed_prime [0x1], ansiX962_compressed_char2 [0x2]
supported_groups secp256r1 [0x17], secp521r1 [0x19], unknown [0x1c], unknown [0x1b], secp384r1 [0x18], unknown [0x1a], secp256k1 [0x16], sect571r1 [0xe], sect571k1 [0xd], sect409k1 [0xb], sect409r1 [0xc], sect283k1 [0x9], sect283r1 [0xa]
SessionTicket empty
signature_algs rsa_pkcs1_sha512, dsa_sha512, ecdsa_secp521r1_sha512, rsa_pkcs1_sha384, dsa_sha384, ecdsa_secp384r1_sha384, rsa_pkcs1_sha256, dsa_sha256, ecdsa_secp256r1_sha256, rsa_sha224, dsa_sha224, ecdsa_sha224, rsa_pkcs1_sha1, dsa_sha1, ecdsa_sha1
heartbeat_rfc_6520 01
...
```
How to change the `Extensions` section?
The section for `System.Net.HttpClient.THTTPClient` is different:
```
Extensions:
server_name site.name
supported_groups secp384r1 [0x18], secp256r1 [0x17]
ec_point_formats uncompressed [0x0]
signature_algs rsa_pkcs1_sha512, ecdsa_secp521r1_sha512, rsa_pkcs1_sha256, rsa_pkcs1_sha384, rsa_pkcs1_sha1, ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, ecdsa_sha1, dsa_sha1
extended_master_secret empty
renegotiation_info 00
```
Is it possible to change the lists `supported_groups`, `ec_point_formats` or `signature_algs`?
Or add the value `extended_master_secret` to the extensions?
I need the requests to match.
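To see exactly which ClientHello extensions and values differ between the two captures above, the listings can be diffed programmatically. This is an added example, not part of the original post: the function and variable names are hypothetical, and the input is the two Fiddler `Extensions:` listings quoted in the question (the first one is truncated with `...` in the post).

```python
# Added example: diff the two Fiddler "Extensions:" listings from the question.
# Names are hypothetical; the data is copied verbatim from the post.
INDY_DUMP = """
server_name site.name
ec_point_formats uncompressed [0x0], ansiX962_compressed_prime [0x1], ansiX962_compressed_char2 [0x2]
supported_groups secp256r1 [0x17], secp521r1 [0x19], unknown [0x1c], unknown [0x1b], secp384r1 [0x18], unknown [0x1a], secp256k1 [0x16], sect571r1 [0xe], sect571k1 [0xd], sect409k1 [0xb], sect409r1 [0xc], sect283k1 [0x9], sect283r1 [0xa]
SessionTicket empty
signature_algs rsa_pkcs1_sha512, dsa_sha512, ecdsa_secp521r1_sha512, rsa_pkcs1_sha384, dsa_sha384, ecdsa_secp384r1_sha384, rsa_pkcs1_sha256, dsa_sha256, ecdsa_secp256r1_sha256, rsa_sha224, dsa_sha224, ecdsa_sha224, rsa_pkcs1_sha1, dsa_sha1, ecdsa_sha1
heartbeat_rfc_6520 01
"""  # TIdSSLIOHandlerSocketOpenSSL capture (the post cuts it off with "...")

HTTPCLIENT_DUMP = """
server_name site.name
supported_groups secp384r1 [0x18], secp256r1 [0x17]
ec_point_formats uncompressed [0x0]
signature_algs rsa_pkcs1_sha512, ecdsa_secp521r1_sha512, rsa_pkcs1_sha256, rsa_pkcs1_sha384, rsa_pkcs1_sha1, ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, ecdsa_sha1, dsa_sha1
extended_master_secret empty
renegotiation_info 00
"""  # System.Net.HttpClient.THTTPClient capture


def parse_extensions(dump):
    """Map extension name -> ordered list of values (dict keeps wire order)."""
    exts = {}
    for line in dump.strip().splitlines():
        if not line.strip():
            continue
        name, _, rest = line.strip().partition(" ")
        exts[name] = [v.strip() for v in rest.split(",")]
    return exts


def diff_extensions(a, b):
    """Report extensions unique to each side, value differences, and ordering."""
    common = [n for n in a if n in b]
    return {
        "only_a": sorted(set(a) - set(b)),
        "only_b": sorted(set(b) - set(a)),
        # For shared extensions: (values only in a, values only in b)
        "changed": {n: ([v for v in a[n] if v not in b[n]],
                        [v for v in b[n] if v not in a[n]])
                    for n in common if a[n] != b[n]},
        # True if the shared extensions appear in the same order on both sides
        "same_order": common == [n for n in b if n in a],
    }


if __name__ == "__main__":
    report = diff_extensions(parse_extensions(INDY_DUMP), parse_extensions(HTTPCLIENT_DUMP))
    for key, value in report.items():
        print(key, "->", value)
```

The report shows that the OpenSSL-based handler advertises extra groups, point formats and signature algorithms plus `SessionTicket` and `heartbeat_rfc_6520`, while the `THTTPClient` capture adds `extended_master_secret` and `renegotiation_info` and orders the shared extensions differently.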
Solution 1:[1]
Is that happening with your code playing as client or server? With the message you provided, I guess that's client-side code.
You need to connect to the server with a domain name, and the HTTP message showed that you wish to connect to "site.name", which is not a real domain name, so you could not connect successfully.
That's the primary problem, and if you tried using SSLv3 to connect to an HTTPS server, you will need a client certificate. But I cannot be sure that's your requirement from the article.
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
Solution | Source |
---|---|
Solution 1 | Dennies Chang |