Comments (5)
Hello!
The TLS layer seems fine. Maybe check your HTTP headers?
E.
from tlse.
The way curl does it is, it's using ALPN to negotiate HTTP_2 protocol during TLS phase, and then issues a GET request using HTTP/2 header - and then it does get an answer (see bottom of the reply for log).
But if I try to just use HTTP/2 in headers, I am getting:
HTTP/1.1 505 HTTP Version Not Supported
Server: cloudflare
Date: Mon, 06 Mar 2023 12:14:21 GMT
Content-Type: text/html
Content-Length: 185
Connection: close
CF-RAY: -
<html>
<head><title>505 HTTP Version Not Supported</title></head>
<body>
<center><h1>505 HTTP Version Not Supported</h1></center>
<hr><center>cloudflare</center>
</body>
</html>
I don't see any mention of ALPN in TLSe ... do you think it means I can't use it to connect to this particular server?
user@host ~ % curl -v -H "Accept-Encoding: gzip, deflate" -H "Accept: application/json" https://emm-api.com:443/region/ --output out.txt
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* Trying 188.114.96.13:443...
* Connected to emm-api.com (188.114.96.13) port 443 (#0)
* ALPN: offers h2
* ALPN: offers http/1.1
* CAfile: /etc/ssl/cert.pem
* CApath: none
* (304) (OUT), TLS handshake, Client hello (1):
} [316 bytes data]
* (304) (IN), TLS handshake, Server hello (2):
{ [122 bytes data]
* (304) (IN), TLS handshake, Unknown (8):
{ [19 bytes data]
* (304) (IN), TLS handshake, Certificate (11):
{ [4211 bytes data]
* (304) (IN), TLS handshake, CERT verify (15):
{ [79 bytes data]
* (304) (IN), TLS handshake, Finished (20):
{ [52 bytes data]
* (304) (OUT), TLS handshake, Finished (20):
} [52 bytes data]
* SSL connection using TLSv1.3 / AEAD-AES256-GCM-SHA384
* ALPN: server accepted h2
* Server certificate:
* subject: CN=*.emm-api.com
* start date: Jan 9 23:37:19 2023 GMT
* expire date: Apr 9 23:37:18 2023 GMT
* subjectAltName: host "emm-api.com" matched cert's "emm-api.com"
* issuer: C=US; O=Let's Encrypt; CN=E1
* SSL certificate verify ok.
* Using HTTP2, server supports multiplexing
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* h2h3 [:method: GET]
* h2h3 [:path: /region/]
* h2h3 [:scheme: https]
* h2h3 [:authority: emm-api.com]
* h2h3 [user-agent: curl/7.86.0]
* h2h3 [accept-encoding: gzip, deflate]
* h2h3 [accept: application/json]
* Using Stream ID: 1 (easy handle 0x7f9fb780f200)
> GET /region/ HTTP/2
> Host: emm-api.com
> user-agent: curl/7.86.0
> accept-encoding: gzip, deflate
> accept: application/json
>
* Connection state changed (MAX_CONCURRENT_STREAMS == 256)!
< HTTP/2 200
< date: Mon, 06 Mar 2023 12:16:22 GMT
< content-type: application/json
< cache-control: private
< allow: GET, HEAD, OPTIONS
< x-frame-options: SAMEORIGIN
< vary: Cookie
< x-cache-status: MISS
< content-encoding: gzip
< cf-cache-status: DYNAMIC
< report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IDQLdvmeoGZvMPVbwwlPY%2FOgOjIbK21O4FR0qkJwuhADz%2F4K9JzS3koncoIZkptFLrC%2FawgN7qgA4kJ5FgdDgwKdZlMWbAOWrEhpY47VQcRsDH4iR95ysR10jtJARQ%3D%3D"}],"group":"cf-nel","max_age":604800}
< nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
< server: cloudflare
< cf-ray: 7a3a878c8875bf80-WAW
< alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
<
{ [126 bytes data]
100 126 0 126 0 0 758 0 --:--:-- --:--:-- --:--:-- 782
* Connection #0 to host emm-api.com left intact
from tlse.
Actually, I see ALPN in TLSe code ... I was just looking for the wrong string. I'll see if I can make it work now.
from tlse.
See: tls_add_alpn(struct TLSContext *context, const char *alpn).
from tlse.
I got it to work.
It's first tls_add_alpn( context, protocol_name ) with "h2" and "http/1.1" (starting with the preferred one), and then, after it's connected, tls_alpn( context ) to get out the name of the protocol that was successfully negotiated.
Thank you for your help!
from tlse.
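What the ALPN exchange discussed in this thread looks like on the wire (RFC 7301), as an added example that is not TLSe code and not from any commenter: the client lists "h2" and "http/1.1" in preference order, the server answers with exactly one name, and only an "h2" answer permits HTTP/2 framing. The helper names `alpn_encode`, `alpn_selected` and `alpn_is_h2` are hypothetical, and the server reply in `main` is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define EXT_ALPN 16 /* extension type from RFC 7301 */

/* Client offer: type(2) | ext_len(2) | list_len(2) | { len(1) | name }..., preferred first. */
size_t alpn_encode(const char *const *names, size_t count, uint8_t *out, size_t cap) {
    size_t list_len = 0;
    for (size_t i = 0; i < count; i++) {
        size_t n = strlen(names[i]);
        if (n == 0 || n > 255) return 0;          /* names are 1..255 bytes */
        list_len += 1 + n;
    }
    if (list_len == 0 || list_len > 0xFFFD || cap < 6 + list_len) return 0;
    uint8_t *p = out;
    *p++ = 0; *p++ = EXT_ALPN;
    *p++ = (uint8_t)((list_len + 2) >> 8); *p++ = (uint8_t)(list_len + 2);
    *p++ = (uint8_t)(list_len >> 8); *p++ = (uint8_t)list_len;
    for (size_t i = 0; i < count; i++) {
        size_t n = strlen(names[i]);
        *p++ = (uint8_t)n;
        memcpy(p, names[i], n);
        p += n;
    }
    return (size_t)(p - out);                     /* bytes written */
}

/* Server reply holds exactly one name; returns its index in the offer, or -1. */
int alpn_selected(const uint8_t *ext, size_t len, const char *const *offered, size_t count) {
    if (len < 7 || ext[0] != 0 || ext[1] != EXT_ALPN) return -1;
    size_t ext_len = ((size_t)ext[2] << 8) | ext[3];
    size_t list_len = ((size_t)ext[4] << 8) | ext[5];
    size_t n = ext[6];
    /* Every length field must agree with the bytes actually received. */
    if (ext_len != len - 4 || list_len != ext_len - 2 || n != list_len - 1) return -1;
    for (size_t i = 0; i < count; i++)
        if (strlen(offered[i]) == n && memcmp(offered[i], ext + 7, n) == 0) return (int)i;
    return -1;                                    /* server named something we never offered */
}

/* Switch to HTTP/2 framing only when the server actually picked "h2". */
int alpn_is_h2(int selected, const char *const *offered) {
    return selected >= 0 && strcmp(offered[selected], "h2") == 0;
}

int main(void) {
    const char *offer[] = { "h2", "http/1.1" };
    const uint8_t reply[] = { 0, 16, 0, 5, 0, 3, 2, 'h', '2' }; /* constructed server reply */
    printf("use_h2=%d\n", alpn_is_h2(alpn_selected(reply, sizeof reply, offer, 2), offer));
}
```

A result of -1, or the index of "http/1.1", means the client has to keep sending HTTP/1.1 text requests on that connection.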