Caddy as Forward Proxy Getting Unknown SSL error


(Chris Short) #1


I’m working with a company that has a ZScaler proxy running on localhost. This proxy is poorly configured by an antiquated, slow-moving security team. I am attempting to set up Caddy as a forwarder to help alleviate x509 certificate errors because ZScaler is basically MITM’ing all connections.

Here is my Caddyfile:

*
proxy / http://localhost:9000 http://proxy.company.com:80 {
    policy first
    insecure_skip_verify
    transparent
}
errors proxieserrors.log

The error log is empty. When I curl http sites the proxy works as intended. When I curl https sites the proxy fails with the following output:

curl -Iv https://chrisshort.net
* Rebuilt URL to: https://chrisshort.net/
*   Trying ::1...
* TCP_NODELAY set
* Connected to localhost (::1) port 2015 (#0)
* allocate connect buffer!
* Establish HTTP proxy tunnel to chrisshort.net:443
> CONNECT chrisshort.net:443 HTTP/1.1
> Host: chrisshort.net:443
> User-Agent: curl/7.59.0
> Proxy-Connection: Keep-Alive
>
< HTTP/1.1 200 OK
HTTP/1.1 200 OK
< Proxy-Agent: Zscaler/6.0
Proxy-Agent: Zscaler/6.0
< Server: Caddy
Server: Caddy
< Date: Thu, 12 Apr 2018 14:40:48 GMT
Date: Thu, 12 Apr 2018 14:40:48 GMT
< Transfer-Encoding: chunked
Transfer-Encoding: chunked
* Ignoring Transfer-Encoding in CONNECT 200 response
<

* Proxy replied 200 to CONNECT request
* CONNECT phase completed!
* CONNECT phase completed!
* CONNECT phase completed!
* Unknown SSL protocol error in connection to chrisshort.net:-9805
* Closing connection 0
curl: (35) Unknown SSL protocol error in connection to chrisshort.net:-9805

Has anyone even tried to do something like this? What might the issue be here?
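As an added diagnostic (not code from the post, from Caddy or from Zscaler): this Python script issues the same CONNECT that curl does, checks the 200 reply for body-framing headers (RFC 7231 says a 2xx reply to CONNECT carries no body, so Transfer-Encoding or Content-Length there means the reply was framed like an ordinary HTTP response, as happens when CONNECT is relayed as a normal request instead of being tunnelled), and then attempts the TLS handshake so the error is recorded next to the proxy headers. The sample reply is constructed from the captured curl output above; the proxy address localhost:2015 and the target host are assumptions taken from that same output.

```python
import socket
import ssl

# Constructed sample: the reply curl got from the Caddy/Zscaler chain in the
# post above (status line and headers only).
SAMPLE_CONNECT_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Proxy-Agent: Zscaler/6.0\r\n"
    b"Server: Caddy\r\n"
    b"Transfer-Encoding: chunked\r\n"
    b"\r\n"
)

def analyze_connect_response(raw: bytes) -> dict:
    """Parse the proxy's reply to CONNECT and flag signs it is not a tunnel.

    RFC 7231 4.3.6: a 2xx reply to CONNECT has no body, so Transfer-Encoding
    or Content-Length there means the reply was framed like an ordinary HTTP
    response (e.g. relayed by a reverse proxy) rather than a raw byte tunnel.
    """
    lines = raw.split(b"\r\n\r\n", 1)[0].split(b"\r\n")
    status = int(lines[0].split()[1]) if len(lines[0].split()) > 1 else 0
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers[name.strip().lower().decode()] = value.strip().decode()
    framing = [h for h in ("transfer-encoding", "content-length") if h in headers]
    return {"status": status, "headers": headers,
            "body_framing_headers": framing,
            "suspect": status != 200 or bool(framing)}

def probe(proxy_host: str, proxy_port: int, target: str, port: int = 443) -> dict:
    """Send CONNECT via the proxy, analyze the reply, then attempt a TLS handshake."""
    sock = socket.create_connection((proxy_host, proxy_port), timeout=10)
    sock.sendall(f"CONNECT {target}:{port} HTTP/1.1\r\nHost: {target}:{port}\r\n\r\n".encode())
    raw = b""
    while b"\r\n\r\n" not in raw:
        chunk = sock.recv(4096)
        if not chunk:
            break
        raw += chunk
    report = analyze_connect_response(raw)
    try:  # handshake anyway: the error text shows what the "tunnel" really carried
        tls = ssl.create_default_context().wrap_socket(sock, server_hostname=target)
        report["tls_error"], report["tls_version"] = None, tls.version()
    except (ssl.SSLError, OSError) as exc:
        report["tls_error"] = str(exc)
    sock.close()
    return report
```

Run `probe("localhost", 2015, "chrisshort.net")` on the machine running Caddy; a report with `suspect` set and a `tls_error` means the bytes after the 200 were not a TLS handshake from the origin, so the problem sits in the proxy chain rather than in the site's certificate.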


(system) #2

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.