我的自定义代理服务器上的SSL（HTTPS）错误 [英] SSL (https) error on my custom proxy server

问题描述

这是我的模式码！当我从Firefox发送HTTP请求，它做工精细！但是当我尝试HTTPS的Firefox这个回复：

here's i mode code!  when i send http request from firefox it work fine! but when i try https firefox reply with this:

要mail.yahoo.com在连接过程中发生错误。
SSL收到了创纪录与未知的内容类型。
（错误代码：ssl_error_rx_unknown_record_type）

An error occurred during a connection to mail.yahoo.com. SSL received a record with an unknown content type. (Error code: ssl_error_rx_unknown_record_type)

我调试它成功地连接到HTTPS和recive字节代码，但是当它传递它插座它将拒绝：

I debug the code it successfully connect to https and recive the bytes but when it pass it to socket it will reject:

Tehre是在8080的监听器，我的代码是：

Tehre's a listener on 8080, and my code is:

ServicePointManager.ServerCertificateValidationCallback = new System.Net.Security.RemoteCertificateValidationCallback(AcceptAllCertifications);
            System.Net.ServicePointManager.SecurityProtocol = SecurityProtocolType.Ssl3;
            CookieContainer cookie = new CookieContainer();
            if (strClientConnection.Contains("443")) {
                strClientConnection = "https://" + strClientConnection.Replace(":443",""); 
            };
            HttpWebRequest request = (HttpWebRequest)WebRequest.Create(strClientConnection);
            request.CookieContainer = cookie;
            request.KeepAlive = true;
            request.Timeout = 120000;
            request.AllowAutoRedirect = true;
            request.ReadWriteTimeout = 120000;
            request.Method = "POST";
            {
                using (HttpWebResponse myWebResponse = (HttpWebResponse)request.GetResponse())
                {
                    bool isSuccess = (int)myWebResponse.StatusCode < 299 && (int)myWebResponse.StatusCode >= 200;
                    if (isSuccess)
                    {
                        using (Stream reader = myWebResponse.GetResponseStream())
                        {
                            int BytesRead = 0;
                            Byte[] Buffer = new Byte[32];
                            int BytesSent = 0;
                            BytesRead = reader.Read(Buffer, 0, 32);

                            while (BytesRead != 0)
                            {
                                m_sockClient.Send(Buffer, BytesRead, 0);
                                BytesSent += BytesRead;
                                BytesRead = reader.Read(Buffer, 0, 32);
                            }
                        }
                    }
                }
            }

推荐答案

这是HTTP代理通常不会使HTTPS请求本身（除非它是专门设计，使一个官方中间人攻击）。

An HTTP proxy normally does not make the HTTPS request itself (unless it's specifically designed to make an "official" Man-In-The-Middle attack).

HTTP客户端（包括浏览器）使用HTTP 连接方法来告诉代理服务器有效，在转发整个HTTPS请求（ SSL / TLS）隧道到目标HTTPS服务器。

HTTP clients (including browsers) use the HTTP CONNECT method to tell the proxy server to forward the entire HTTPS request (effectively, the SSL/TLS) tunnel to the target HTTPS server.

当你在你代理一个连接请求（比方说连接host.example.org:443 ），你应该做一个直接的TCP连接 host.example.org:443 和继电器及其内容（双向）浏览器，没有改变。

When you get a CONNECT request on your proxy (say CONNECT host.example.org:443), you should make a direct TCP connection to host.example.org:443 and relay its content (both ways) to the browser, without alteration.

这篇关于我的自定义代理服务器上的SSL（HTTPS）错误的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！