
tls fuzz

Open pichwo opened this issue 5 years ago • 0 comments

Sorry, I HAVE a problem with socks as shown below...

Tried everything... cannot tell what's going wrong with my "existing" letsencrypt cert provided for chisel...

You write "Setting --tls-domain requires port 443". I cannot use that port since it is occupied and/or also used by "regular" letsencrypt... Do you use special tags or other magic regarding letsencrypt, so that an "existing" cert does not work???

Regards, w.p. Traces shown below...


SERVER ======================

# cat /rbin/chisel-auth
{ "user:pass": [""] }

# /root/go/bin/chisel server -v --port 6733 --key /rbin/chisel-key --authfile /rbin/chisel-auth --tls-key /etc/letsencrypt/live/***/privkey.pem --tls-cert /etc/letsencrypt/live/***/fullchain.pem --backend https://85.214.250.48:3128 --socks5
2021/01/30 20:29:06 server: users: Loading configuration file /rbin/chisel-auth
2021/01/30 20:29:06 server: Fingerprint ***
2021/01/30 20:29:06 server: User authenication enabled
2021/01/30 20:29:06 server: Reverse proxy enabled
2021/01/30 20:29:06 server: Listening on https://0.0.0.0:6733



CLIENT ======================

$ ~/go/bin/chisel client -v --max-retry-count 1 --fingerprint *** --auth "user:pass" ***:6733 11110:socks
2021/01/30 20:29:21 client: Connecting to ws://***:6733
2021/01/30 20:29:21 client: tun: proxy#127.0.0.1:11110=>socks: Listening
2021/01/30 20:29:21 client: tun: Bound proxies
2021/01/30 20:29:21 client: Connection error: websocket: bad handshake
2021/01/30 20:29:21 client: Retrying in 100ms...
2021/01/30 20:29:22 client: Connection error: websocket: bad handshake (Attempt: 1/1)
2021/01/30 20:29:22 client: Give up
2021/01/30 20:29:22 client: tun: Unbound proxies



$ openssl s_client -connect ***:6733 
CONNECTED(00000003)
depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R3
verify return:1
depth=0 CN = ***
verify return:1
---
Certificate chain
 0 s:CN = ***
   i:C = US, O = Let's Encrypt, CN = R3
 1 s:C = US, O = Let's Encrypt, CN = R3
   i:O = Digital Signature Trust Co., CN = DST Root CA X3
---
Server certificate
-----BEGIN CERTIFICATE-----
***
-----END CERTIFICATE-----
subject=CN = ***

issuer=C = US, O = Let's Encrypt, CN = R3

---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 3544 bytes and written 408 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 4096 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
    Protocol  : TLSv1.3
    Cipher    : TLS_AES_256_GCM_SHA384
    Session-ID: D03DF7AE7CE1129EF0EE69FCA704C7AA545826B1CC2632E0D88E54723E803203
    Session-ID-ctx: 
    Resumption PSK: BAB1306AD9389A26DB9E2DC650CF216FAE4A35BDC1516A2B8F5B33C55863D246971309D14925F455178F143377B39113
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 604800 (seconds)
    TLS session ticket:
    [snip]

    Start Time: 1612034970
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: no
    Max Early Data: 0
---
read R BLOCK
^C

pichwo · Jan 30 '21 20:01
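The client log above says "Connecting to ws://" while the server log says "Listening on https://", so a plaintext WebSocket request is reaching a TLS-only port. As an added example, not chisel's own code, this standard-library Go program reproduces that mismatch in-process, using a placeholder handler instead of chisel's WebSocket upgrade and httptest's self-signed certificate instead of the Let's Encrypt one.

```go
package main

import (
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"strings"
)

// newTLSListener starts an in-process TLS-only HTTP server with a self-signed
// test certificate; it stands in for the chisel server above ("Listening on
// https://"). The handler is a placeholder, not chisel's WebSocket upgrade.
func newTLSListener() *httptest.Server {
	return httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.WriteHeader(http.StatusOK)
	}))
}

// probe sends one GET and returns the status code the listener answered with.
// Go's server rejects plaintext on a TLS port with 400; a WebSocket client wants 101.
func probe(client *http.Client, url string) (int, error) {
	resp, err := client.Get(url)
	if err != nil {
		return 0, err
	}
	defer resp.Body.Close()
	_, _ = io.Copy(io.Discard, resp.Body)
	return resp.StatusCode, nil
}

// demo contacts the same listener twice: first as a plaintext client would
// ("Connecting to ws://host:port" in the chisel log), then over TLS.
func demo() (plainStatus, tlsStatus int, err error) {
	srv := newTLSListener()
	defer srv.Close()
	client := srv.Client() // trusts the test certificate
	plainURL := "http://" + strings.TrimPrefix(srv.URL, "https://")
	if plainStatus, err = probe(client, plainURL); err != nil {
		return 0, 0, err
	}
	tlsStatus, err = probe(client, srv.URL)
	return plainStatus, tlsStatus, err
}

func main() {
	plain, secure, err := demo()
	fmt.Println("plaintext:", plain, "tls:", secure, "err:", err)
}
```

The plaintext attempt gets 400 rather than the 101 a WebSocket client expects, which is the condition a client reports as "bad handshake"; the TLS attempt against the same listener succeeds.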