Tls Https Request

babycrash · March 7, 2017, 10:19am

i am trying to make https request with golang.

this is my code , state.HandshakeComplete, state.NegotiatedProtocolIsMutual returns true and state.ServerName returns = ‘’

when i write data to tls connection no error returns also tls connection never reply my request.

any help appricated. thanks.

conf := &tls.Config{
    InsecureSkipVerify: true,
    MinVersion:tls.VersionTLS10,
}
//TLS connection
tlsCon, err := tls.Dial("tcp", "youtube.com:443", conf)
if err != nil {
    fmt.Println("SSL Error : " + err.Error())
    return
}

defer tlsCon.Close()

state := tlsCon.ConnectionState()
fmt.Println("SSL ServerName : " + state.ServerName)
fmt.Println("SSL Handshake : ", state.HandshakeComplete)
fmt.Println("SSL Mutual : ", state.NegotiatedProtocolIsMutual)

request = '
CONNECT youtube.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:51.0) Gecko/20100101       Firefox/51.0
Proxy-Connection: close
Connection: close
Host: youtube.com:443

'

n, err = io.WriteString(tlsCon, request)
if err != nil {
    fmt.Println("SSL Write error :", err.Error(), n)
}

n, err = tlsCon.Read(data)
if err != nil {
    fmt.Println("SSL Read error : " + err.Error())
    return
}

calmh · March 7, 2017, 10:27am

You’re attempting a CONNECT method on youtube.com. That’s something typically sent to a proxy - I wouldn’t expect the actual youtube.com web servers to approve of it. You also have an extra line break at the start of your request message.

Why not just http.Get("https://youtube.com/...")?

babycrash · March 7, 2017, 10:31am

this request comes from browser. i want to control http/https connections from my own proxy to block or allow to http/https request

when someone write youtube to address line browser send data over tcp as

CONNECT youtube.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:51.0) Gecko/20100101       Firefox/51.0
Proxy-Connection: close
Connection: close
Host: youtube.com:443

and i wrote this request to the tls connection.

with http connection this flow works as expected but on tls this is not working

nathankerr · March 7, 2017, 10:58am

RFC 7231(RFC 7231 - Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content) describes that CONNECT should:

Establish a tunnel to the server identified by the target resource.

and that it is optional.

Here is an example that will print the result of GETing https://youtube.com to os.Stdout:

package main

import (
	"io"
	"log"
	"net/http"
	"os"
)

func main() {
	log.SetFlags(log.Lshortfile)

	resp, err := http.Get("https://youtube.com")
	if err != nil {
		log.Fatalln(err)
	}

	_, err = io.Copy(os.Stdout, resp.Body)
	if err != nil {
		log.Fatalln(err)
	}

	err = resp.Body.Close()
	if err != nil {
		log.Fatalln(err)
	}
}

Nothing special needs to be done for https. resp is an http.Response. If you need to do special things on the connection, start from http.Client

calmh · March 7, 2017, 11:02am

The browser is requesting that you CONNECT to the youtube server, as you are the proxy. You should not send the CONNECT request onwards towards youtube. You should only establish the connection, respond appropriately to the browser, and connect the two together.

babycrash · March 7, 2017, 11:15am

i understand the work flow but i aint resolve problem yet ,
here is the workflow

1.browser -> proxy : CONNECT youtube.com:443 HTTP/1.1
2.proxy -> youtube : connect…
3.proxy -> browser : HTTP/1.1 200 CONNECT OK
4.browser -> proxy : GET https://youtube.com/ HTTP/1.1
5.proxy -> youtbe : get request…
6.youtbe -> proxy : reply
7.proxy -> browser : reply

now i stuck at 3.step , i think i am going to solve problem but not yet

nathankerr · March 7, 2017, 11:20am

Ah, you are trying to write a proxy. This package might help:

babycrash · March 7, 2017, 11:39am

yes this is exactly what i want to achive basic https capabilites.

system · June 5, 2017, 11:40am

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.