mitmproxy: mitmproxy fails with 'no shared cipher' when forcing specific cipher & TLS v1.2

This is a pretty unique edge case I think, but when I try and proxy to a certain host, mitm proxy fails with:

Client TLS handshake failed. The client may not trust the proxy's certificate for google.com (OpenSSL Error([('SSL routines', '', 'no shared cipher')]))

only when I force BOTH the cipher and tls version to:

  • Cipher to ‘ECDHE-ECDSA-AES128-GCM-SHA256’
  • TLS version to TLS v1.2

The TLS connection with these params forced SUCCEEDS if I DONT pass it through mitmproxy.

If I DO NOT force BOTH these params, it will succeed through mitmproxy.

Example commands to trigger failure (with success via toggling proxy on/off, force cipher on/off, force tls1.2 on/off

Failure case: Curl via mitmproxy, force cipher & TLS version 
$ curl -v https://google.com:443 -k -x http://127.0.0.1:8080 --ciphers ECDHE-ECDSA-AES128-GCM-SHA256 --tlsv1.2 --tls-max 1.2
*   Trying 127.0.0.1:8080...
* Connected to (nil) (127.0.0.1) port 8080 (#0)
* allocate connect buffer!
* Establish HTTP proxy tunnel to 8.219.193.159:443
> CONNECT 8.219.193.159:443 HTTP/1.1
> Host: 8.219.193.159:443
> User-Agent: curl/7.81.0
> Proxy-Connection: Keep-Alive
>
< HTTP/1.1 200 Connection established
<
* Proxy replied 200 to CONNECT request
* CONNECT phase completed!
* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection: ECDHE-ECDSA-AES128-GCM-SHA256
* TLSv1.0 (OUT), TLS header, Certificate Status (22):
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.0 (OUT), TLS header, Unknown (21):
* TLSv1.2 (OUT), TLS alert, decode error (562):
* error:0A000126:SSL routines::unexpected eof while reading
* Closing connection 0
curl: (35) error:0A000126:SSL routines::unexpected eof while reading

(mitmproxy logs show "Client TLS handshake failed. The client may not trust the proxy's certificate for 8.219.193.159 (OpenSSL Error([('SSL routines', '', 'no shared cipher')]))")
Failure case: OpenSSL s_client via mitmproxy, force cipher & TLS version 
$ openssl s_client -cipher 'ECDHE-ECDSA-AES128-GCM-SHA256' -connect google.com:443 -proxy 127.0.0.1:8080 -tls1_2 --debug
CONNECTED(00000003)
write to 0x55c7da75c0c0 [0x55c7da761bc0] (65 bytes => 65 (0x41))
0000 - 43 4f 4e 4e 45 43 54 20-67 6f 6f 67 6c 65 2e 63   CONNECT google.c
0010 - 6f 6d 3a 34 34 33 20 48-54 54 50 2f 31 2e 30 0d   om:443 HTTP/1.0.
0020 - 0a 50 72 6f 78 79 2d 43-6f 6e 6e 65 63 74 69 6f   .Proxy-Connectio
0030 - 6e 3a 20 4b 65 65 70 2d-41 6c 69 76 65 0d 0a 0d   n: Keep-Alive...
0040 - 0a                                                .
read from 0x55c7da75c0c0 [0x55c7da760bb0] (4096 bytes => 39 (0x27))
0000 - 48 54 54 50 2f 31 2e 30-20 32 30 30 20 43 6f 6e   HTTP/1.0 200 Con
0010 - 6e 65 63 74 69 6f 6e 20-65 73 74 61 62 6c 69 73   nection establis
0020 - 68 65 64 0d 0a 0d 0a                              hed....
write to 0x55c7da75c0c0 [0x55c7da76d320] (155 bytes => 155 (0x9B))
0000 - 16 03 01 00 96 01 00 00-92 03 03 12 8c 2e 8a 61   ...............a
0010 - d7 46 d6 8c 8f db 28 e2-17 94 39 e7 e6 1e 42 4c   .F....(...9...BL
0020 - 82 9d 90 4a 30 77 b5 40-7b d2 fd 00 00 04 c0 2b   ...J0w.@{......+
0030 - 00 ff 01 00 00 65 00 00-00 0f 00 0d 00 00 0a 67   .....e.........g
0040 - 6f 6f 67 6c 65 2e 63 6f-6d 00 0b 00 04 03 00 01   oogle.com.......
0050 - 02 00 0a 00 0c 00 0a 00-1d 00 17 00 1e 00 19 00   ................
0060 - 18 00 23 00 00 00 16 00-00 00 17 00 00 00 0d 00   ..#.............
0070 - 2a 00 28 04 03 05 03 06-03 08 07 08 08 08 09 08   *.(.............
0080 - 0a 08 0b 08 04 08 05 08-06 04 01 05 01 06 01 03   ................
0090 - 03 03 01 03 02 04 02 05-02 06 02                  ...........
read from 0x55c7da75c0c0 [0x55c7da764103] (5 bytes => 0)
write to 0x55c7da75c0c0 [0x55c7da76d320] (7 bytes => 7 (0x7))
0000 - 15 03 01 00 02 02 32                              ......2
4067867B8F7F0000:error:0A000126:SSL routines:ssl3_read_n:unexpected eof while reading:../ssl/record/rec_layer_s3.c:308:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 39 bytes and written 227 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : 0000
    Session-ID:
    Session-ID-ctx:
    Master-Key:
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1676916121
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: no
---
read from 0x55c7da75c0c0 [0x55c7da6b6650] (8192 bytes => 0)

(the program exits after printing "read from 0x55c7da75c0c0 [0x55c7da6b6650] (8192 bytes => 0)")
(mitmproxy logs show  "(OpenSSL Error([('SSL routines', '', 'no shared cipher')]))")
Success case: Curl via mitmproxy, force cipher, DO NOT force TLS version 
$ curl -v https://google.com:443 -k -x http://127.0.0.1:8080 --ciphers ECDHE-ECDSA-AES128-GCM-SHA256
*   Trying 127.0.0.1:8080...
* Connected to (nil) (127.0.0.1) port 8080 (#0)
* allocate connect buffer!
* Establish HTTP proxy tunnel to google.com:443
> CONNECT google.com:443 HTTP/1.1
> Host: google.com:443
> User-Agent: curl/7.81.0
> Proxy-Connection: Keep-Alive
>
< HTTP/1.1 200 Connection established
<
* Proxy replied 200 to CONNECT request
* CONNECT phase completed!
* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection: ECDHE-ECDSA-AES128-GCM-SHA256
* TLSv1.0 (OUT), TLS header, Certificate Status (22):
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS header, Certificate Status (22):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS header, Finished (20):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.2 (OUT), TLS header, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use h2
* Server certificate:
*  subject: CN=*.google.com
*  start date: Feb 18 18:00:15 2023 GMT
*  expire date: Feb 20 18:00:15 2024 GMT
*  issuer: CN=mitmproxy; O=mitmproxy
*  SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
* Using HTTP2, server supports multiplexing
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* Using Stream ID: 1 (easy handle 0x55c27f359e80)
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
> GET / HTTP/2
> Host: google.com
> user-agent: curl/7.81.0
> accept: */*
>
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
< HTTP/2 301
< location: https://www.google.com/
< content-type: text/html; charset=UTF-8
< date: Mon, 20 Feb 2023 18:03:57 GMT
< expires: Wed, 22 Mar 2023 18:03:57 GMT
< cache-control: public, max-age=2592000
< server: gws
< content-length: 220
< x-xss-protection: 0
< x-frame-options: SAMEORIGIN
< alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
<
* TLSv1.2 (IN), TLS header, Supplemental data (23):
<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>301 Moved</TITLE></HEAD><BODY>
<H1>301 Moved</H1>
The document has moved
<A HREF="https://www.google.com/">here</A>.
</BODY></HTML>
* Connection #0 to host (nil) left intact
Success case: Curl via mitmproxy, DO NOT force cipher, force TLS version 
$ curl -v https://google.com:443 -k -x http://127.0.0.1:8080 --tlsv1.2 --tls-max 1.2
*   Trying 127.0.0.1:8080...
* Connected to (nil) (127.0.0.1) port 8080 (#0)
* allocate connect buffer!
* Establish HTTP proxy tunnel to google.com:443
> CONNECT google.com:443 HTTP/1.1
> Host: google.com:443
> User-Agent: curl/7.81.0
> Proxy-Connection: Keep-Alive
>
< HTTP/1.1 200 Connection established
<
* Proxy replied 200 to CONNECT request
* CONNECT phase completed!
* ALPN, offering h2
* ALPN, offering http/1.1
* TLSv1.0 (OUT), TLS header, Certificate Status (22):
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS header, Certificate Status (22):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS header, Certificate Status (22):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS header, Certificate Status (22):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS header, Certificate Status (22):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS header, Finished (20):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS header, Finished (20):
* TLSv1.2 (IN), TLS header, Certificate Status (22):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server accepted to use h2
* Server certificate:
*  subject: CN=*.google.com
*  start date: Feb 18 18:00:15 2023 GMT
*  expire date: Feb 20 18:00:15 2024 GMT
*  issuer: CN=mitmproxy; O=mitmproxy
*  SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
* Using HTTP2, server supports multiplexing
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* Using Stream ID: 1 (easy handle 0x55a9075dce80)
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
> GET / HTTP/2
> Host: google.com
> user-agent: curl/7.81.0
> accept: */*
>
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
< HTTP/2 301
< location: https://www.google.com/
< content-type: text/html; charset=UTF-8
< date: Mon, 20 Feb 2023 18:04:57 GMT
< expires: Wed, 22 Mar 2023 18:04:57 GMT
< cache-control: public, max-age=2592000
< server: gws
< content-length: 220
< x-xss-protection: 0
< x-frame-options: SAMEORIGIN
< alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
<
* TLSv1.2 (IN), TLS header, Supplemental data (23):
<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>301 Moved</TITLE></HEAD><BODY>
<H1>301 Moved</H1>
The document has moved
<A HREF="https://www.google.com/">here</A>.
</BODY></HTML>
* Connection #0 to host (nil) left intact
Success case: Curl WITHOUT mitmproxy, force cipher & TLS version 
$ curl -v https://google.com:443 -k --ciphers ECDHE-ECDSA-AES128-GCM-SHA256 --tlsv1.2 --tls-max 1.2
*   Trying 172.217.24.110:443...
* Connected to google.com (172.217.24.110) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection: ECDHE-ECDSA-AES128-GCM-SHA256
* TLSv1.0 (OUT), TLS header, Certificate Status (22):
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS header, Certificate Status (22):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS header, Certificate Status (22):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS header, Certificate Status (22):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS header, Certificate Status (22):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS header, Finished (20):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS header, Finished (20):
* TLSv1.2 (IN), TLS header, Certificate Status (22):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-ECDSA-AES128-GCM-SHA256
* ALPN, server accepted to use h2
* Server certificate:
*  subject: CN=*.google.com
*  start date: Feb  1 19:42:46 2023 GMT
*  expire date: Apr 26 19:42:45 2023 GMT
*  issuer: C=US; O=Google Trust Services LLC; CN=GTS CA 1C3
*  SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
* Using HTTP2, server supports multiplexing
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* Using Stream ID: 1 (easy handle 0x563d9e8a7e80)
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
> GET / HTTP/2
> Host: google.com
> user-agent: curl/7.81.0
> accept: */*
>
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
< HTTP/2 301
< location: https://www.google.com/
< content-type: text/html; charset=UTF-8
< date: Mon, 20 Feb 2023 18:07:20 GMT
< expires: Wed, 22 Mar 2023 18:07:20 GMT
< cache-control: public, max-age=2592000
< server: gws
< content-length: 220
< x-xss-protection: 0
< x-frame-options: SAMEORIGIN
< alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
<
* TLSv1.2 (IN), TLS header, Supplemental data (23):
<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>301 Moved</TITLE></HEAD><BODY>
<H1>301 Moved</H1>
The document has moved
<A HREF="https://www.google.com/">here</A>.
</BODY></HTML>
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* Connection #0 to host google.com left intact

Environment Info

I am running mitmweb (but this happens with mitmproxy as well) via:

./mitmweb --mode regular --web-host 0.0.0.0 -vvv --set proxy_debug --ssl-insecure --set console_eventlog_verbosity=debug --set termlog_verbosity=debug

./mitmproxy --version
Mitmproxy: 9.0.1 binary
Python:    3.11.0
OpenSSL:   OpenSSL 3.0.7 1 Nov 2022
Platform:  Linux-5.15.0-60-generic-x86_64-with-glibc2.35

I didn’t try and dig into mitmproxy, but based on my test scenarios, I am fairly confident it must be something with how mitmproxy (or its underlying SSL deps) are handling tls cipher + tls version combos? It works without mitmproxy via curl / openssl though, so not sure…

mitmproxy log in the failure scenario 
[18:10:33.419][127.0.0.1:54978] client connect
[18:10:33.420][127.0.0.1:54978]   >> Start({})
[18:10:33.420][127.0.0.1:54978]     >> Start({})
[18:10:33.421][127.0.0.1:54978]   >> DataReceived(client, b'CONNECT google.com:443 HTTP/1.0\r\nProxy-Connection: Keep-Alive\r\n\r\n')
[18:10:33.421][127.0.0.1:54978]     >> DataReceived(client, b'CONNECT google.com:443 HTTP/1.0\r\nProxy-Connection: Keep-Alive\r\n\r\n')
[18:10:33.421][127.0.0.1:54978]     << NextLayerHook(data=NextLayer:None)
[18:10:33.421][127.0.0.1:54978]   << NextLayerHook(data=NextLayer:None)
[18:10:33.423][127.0.0.1:54978]   >> Reply(NextLayerHook(data=NextLayer:HttpLayer(regular, conns: 1)), None)
[18:10:33.423][127.0.0.1:54978]     >> Reply(NextLayerHook(data=NextLayer:HttpLayer(regular, conns: 1)), None)
[18:10:33.423][127.0.0.1:54978]     [nextlayer] HttpLayer(regular, conns: 1)
[18:10:33.423][127.0.0.1:54978]     >> Start({})
[18:10:33.423][127.0.0.1:54978]       >> Start({})
[18:10:33.423][127.0.0.1:54978]     >> DataReceived(client, b'CONNECT google.com:443 HTTP/1.0\r\nProxy-Connection: Keep-Alive\r\n\r\n')
[18:10:33.424][127.0.0.1:54978]       >> DataReceived(client, b'CONNECT google.com:443 HTTP/1.0\r\nProxy-Connection: Keep-Alive\r\n\r\n')
[18:10:33.424][127.0.0.1:54978]       << Receive(RequestHeaders(stream_id=1, request=Request(CONNECT google.com:443), end_stream=True, replay_flow=None))
[18:10:33.425][127.0.0.1:54978]       >> Start({})
[18:10:33.425][127.0.0.1:54978]       >> RequestHeaders(stream_id=1, request=Request(CONNECT google.com:443), end_stream=True, replay_flow=None)
[18:10:33.425][127.0.0.1:54978]       << HttpConnectHook(flow=<HTTPFlow
        request = Request(CONNECT google.com:443)
        client_conn = Client(127.0.0.1:54978, state=open)
        server_conn = Server(<no address>, state=closed)>)
[18:10:33.425][127.0.0.1:54978]     << HttpConnectHook(flow=<HTTPFlow
[18:10:33.425][127.0.0.1:54978]     << HttpConnectHook(flow=<HTTPFlow
[18:10:33.426][127.0.0.1:54978]   << HttpConnectHook(flow=<HTTPFlow
[18:10:33.428][127.0.0.1:54978]   >> Reply(HttpConnectHook(flow=<HTTPFlow
    request = Request(CONNECT google.com:443)
    client_conn = Client(127.0.0.1:54978, state=open)
    server_conn = Server(<no address>, state=closed)>), None)
[18:10:33.428][127.0.0.1:54978]     >> Reply(HttpConnectHook(flow=<HTTPFlow
[18:10:33.428][127.0.0.1:54978]       >> Reply(HttpConnectHook(flow=<HTTPFlow
[18:10:33.429][127.0.0.1:54978]       << OpenConnection({'connection': Server({'id': '…131765', 'address': ('google.com', 443), 'state': <ConnectionState.CLOSED: 0>, 'transport_protocol': 'tcp'})})
[18:10:33.429][127.0.0.1:54978]     << OpenConnection({'connection': Server({'id': '…131765', 'address': ('google.com', 443), 'state': <ConnectionState.CLOSED: 0>, 'transport_protocol': 'tcp'})})
[18:10:33.429][127.0.0.1:54978]   << OpenConnection({'connection': Server({'id': '…131765', 'address': ('google.com', 443), 'state': <ConnectionState.CLOSED: 0>, 'transport_protocol': 'tcp'})})
[18:10:33.440][127.0.0.1:54978] server connect google.com:443 (172.217.27.14:443)
[18:10:33.440][127.0.0.1:54978]   >> Reply(OpenConnection({'connection': Server({'id': '…131765', 'address': ('google.com', 443), 'state': <ConnectionState.OPEN: 3>, 'transport_protocol': 'tcp', 'sockname': ('192.168.128.139', 39616), 'timestamp_start': 1676916633.4307096, 'timestamp_tcp_setup': 1676916633.4401586, 'peername': ('172.217.27.14', 443)})}), None)
[18:10:33.440][127.0.0.1:54978]     >> Reply(OpenConnection({'connection': Server({'id': '…131765', 'address': ('google.com', 443), 'state': <ConnectionState.OPEN: 3>, 'transport_protocol': 'tcp', 'sockname': ('192.168.128.139', 39616), 'timestamp_start': 1676916633.4307096, 'timestamp_tcp_s…
[18:10:33.441][127.0.0.1:54978]       >> Reply(OpenConnection({'connection': Server({'id': '…131765', 'address': ('google.com', 443), 'state': <ConnectionState.OPEN: 3>, 'transport_protocol': 'tcp', 'sockname': ('192.168.128.139', 39616), 'timestamp_start': 1676916633.4307096, 'timestamp_tcp_s…
[18:10:33.441][127.0.0.1:54978]         >> Start({})
[18:10:33.441][127.0.0.1:54978]       << Send(ResponseHeaders(stream_id=1, response=Response(200, no content), end_stream=True))
[18:10:33.441][127.0.0.1:54978]       >> ResponseHeaders(stream_id=1, response=Response(200, no content), end_stream=True)
[18:10:33.442][127.0.0.1:54978]       << SendData(client, b'HTTP/1.0 200 Connection established\r\n\r\n')
[18:10:33.442][127.0.0.1:54978]     << SendData(client, b'HTTP/1.0 200 Connection established\r\n\r\n')
[18:10:33.442][127.0.0.1:54978]   << SendData(client, b'HTTP/1.0 200 Connection established\r\n\r\n')
[18:10:33.442][127.0.0.1:54978]       << Send(ResponseEndOfMessage(stream_id=1))
[18:10:33.442][127.0.0.1:54978]       >> ResponseEndOfMessage(stream_id=1)
[18:10:33.444][127.0.0.1:54978]   >> DataReceived(client, b'\x16\x03\x01\x00\x96\x01\x00\x00\x92\x03\x03\n\xf3n\t\xbcs\xd4c\xbd\x91\xed\x8c\x1b\xc7\xe1\xb7\xf8\x9f\xea\x12h\x84\x9fs/s)\x15\xe6\x1e\xf5J\x00\x00\x04\xc0+\x00\xff\x01\x00\x00e\x00\x00\x00\x0f\x00\r\x00\x00\ngoogle.com\x00\x0b\x00\x04\x03\x00\x01\x02\x00\n\x00\x0c\x00\n\x00\x1d\x00\x17\x00\x1e\x00\x19\x00\x18\x00#\x00\x00\x00\x16\x00\x00\x00\x17\x00\x00\x00\r\x00*\x00(\x04\x03\x05\x03\x06\x03\x08\x07\x08\x08\x08\t\x08\n\x08\x0b\x08\x04\x08\x05\x08\x06\x04\x01\x05\x01\x06\x01\x03…
[18:10:33.444][127.0.0.1:54978]     >> DataReceived(client, b'\x16\x03\x01\x00\x96\x01\x00\x00\x92\x03\x03\n\xf3n\t\xbcs\xd4c\xbd\x91\xed\x8c\x1b\xc7\xe1\xb7\xf8\x9f\xea\x12h\x84\x9fs/s)\x15\xe6\x1e\xf5J\x00\x00\x04\xc0+\x00\xff\x01\x00\x00e\x00\x00\x00\x0f\x00\r\x00\x00\ngoogle.com\x00\x0b\…
[18:10:33.444][127.0.0.1:54978]       >> DataReceived(client, b'\x16\x03\x01\x00\x96\x01\x00\x00\x92\x03\x03\n\xf3n\t\xbcs\xd4c\xbd\x91\xed\x8c\x1b\xc7\xe1\xb7\xf8\x9f\xea\x12h\x84\x9fs/s)\x15\xe6\x1e\xf5J\x00\x00\x04\xc0+\x00\xff\x01\x00\x00e\x00\x00\x00\x0f\x00\r\x00\x00\ngoogle.com\x00\x0b\…
[18:10:33.445][127.0.0.1:54978]       << Receive(RequestData(stream_id=1, data=b'\x16\x03\x01\x00\x96\x01\x00\x00\x92\x03\x03\n\xf3n\t\xbcs\xd4c\xbd\x91\xed\x8c\x1b\xc7\xe1\xb7\xf8\x9f\xea\x12h\x84\x9fs/s)\x15\xe6\x1e\xf5J\x00\x00\x04\xc0+\x00\xff\x01\x00\x00e\x00\x00\x00\x0f\x00\r\x00\x00\ngoogle.com\x00\x0b\x00\x04\x03\x00\x01\x02\x00\n\x00\x0c\x00\n\x00\x1d\x00\x17\x00\x1e\x00\x19\x00\x18\x00#\x00\x00\x00\x16\x00\x00\x00\x17\x00\x00\x00\r\x00*\x00(\x04\x03\x05\x03\x06\x03\x08\x07\x08\x08\x08\t\x08\n\x08\x0b\x08\x04\x08\x05\x08\x06\x04\x01\x0…
[18:10:33.445][127.0.0.1:54978]       >> RequestData(stream_id=1, data=b'\x16\x03\x01\x00\x96\x01\x00\x00\x92\x03\x03\n\xf3n\t\xbcs\xd4c\xbd\x91\xed\x8c\x1b\xc7\xe1\xb7\xf8\x9f\xea\x12h\x84\x9fs/s)\x15\xe6\x1e\xf5J\x00\x00\x04\xc0+\x00\xff\x01\x00\x00e\x00\x00\x00\x0f\x00\r\x00\x00\ngoogle.com\x00\x0b\x00\x04\x03\x00\x01\x02\x00\n\x00\x0c\x00\n\x00\x1d\x00\x17\x00\x1e\x00\x19\x00\x18\x00#\x00\x00\x00\x16\x00\x00\x00\x17\x00\x00\x00\r\x00*\x00(\x04\x03\x05\x03\x06\x03\x08\x07\x08\x08\x08\t\x08\n\x08\x0b\x08\x04\x08\x05\x08\x06\x04\x01\x05\x01\x0…
[18:10:33.445][127.0.0.1:54978]         >> DataReceived(client, b'\x16\x03\x01\x00\x96\x01\x00\x00\x92\x03\x03\n\xf3n\t\xbcs\xd4c\xbd\x91\xed\x8c\x1b\xc7\xe1\xb7\xf8\x9f\xea\x12h\x84\x9fs/s)\x15\xe6\x1e\xf5J\x00\x00\x04\xc0+\x00\xff\x01\x00\x00e\x00\x00\x00\x0f\x00\r\x00\x00\ngoogle.com\x00\x0b\x00\x04\x03\x00\x01\x02\x00\n\x00\x0c\x00\n\x00\x1d\x00\x17\x00\x1e\x00\x19\x00\x18\x00#\x00\x00\x00\x16\x00\x00\x00\x17\x00\x00\x00\r\x00*\x00(\x04\x03\x05\x03\x06\x03\x08\x07\x08\x08\x08\t\x08\n\x08\x0b\x08\x04\x08\x05\x08\x06\x04\x01\x05\x01\x06\x01\x03…
[18:10:33.445][127.0.0.1:54978]         << NextLayerHook(data=NextLayer:None)
[18:10:33.445][127.0.0.1:54978]       << NextLayerHook(data=NextLayer:None)
[18:10:33.445][127.0.0.1:54978]     << NextLayerHook(data=NextLayer:None)
[18:10:33.446][127.0.0.1:54978]   << NextLayerHook(data=NextLayer:None)
[18:10:33.447][127.0.0.1:54978]   >> Reply(NextLayerHook(data=NextLayer:ServerTLSLayer(inactive None None)), None)
[18:10:33.448][127.0.0.1:54978]     >> Reply(NextLayerHook(data=NextLayer:ServerTLSLayer(inactive None None)), None)
[18:10:33.448][127.0.0.1:54978]       >> Reply(NextLayerHook(data=NextLayer:ServerTLSLayer(inactive None None)), None)
[18:10:33.448][127.0.0.1:54978]         >> Reply(NextLayerHook(data=NextLayer:ServerTLSLayer(inactive None None)), None)
[18:10:33.448][127.0.0.1:54978]         [nextlayer] ServerTLSLayer(inactive None None)
[18:10:33.448][127.0.0.1:54978]         >> Start({})
[18:10:33.448][127.0.0.1:54978]           >> Start({})
[18:10:33.449][127.0.0.1:54978]         >> DataReceived(client, b'\x16\x03\x01\x00\x96\x01\x00\x00\x92\x03\x03\n\xf3n\t\xbcs\xd4c\xbd\x91\xed\x8c\x1b\xc7\xe1\xb7\xf8\x9f\xea\x12h\x84\x9fs/s)\x15\xe6\x1e\xf5J\x00\x00\x04\xc0+\x00\xff\x01\x00\x00e\x00\x00\x00\x0f\x00\r\x00\x00\ngoogle.com\x00\x0b\x00\x04\x03\x00\x01\x02\x00\n\x00\x0c\x00\n\x00\x1d\x00\x17\x00\x1e\x00\x19\x00\x18\x00#\x00\x00\x00\x16\x00\x00\x00\x17\x00\x00\x00\r\x00*\x00(\x04\x03\x05\x03\x06\x03\x08\x07\x08\x08\x08\t\x08\n\x08\x0b\x08\x04\x08\x05\x08\x06\x04\x01\x05\x01\x06\x01\x03…
[18:10:33.449][127.0.0.1:54978]           >> DataReceived(client, b'\x16\x03\x01\x00\x96\x01\x00\x00\x92\x03\x03\n\xf3n\t\xbcs\xd4c\xbd\x91\xed\x8c\x1b\xc7\xe1\xb7\xf8\x9f\xea\x12h\x84\x9fs/s)\x15\xe6\x1e\xf5J\x00\x00\x04\xc0+\x00\xff\x01\x00\x00e\x00\x00\x00\x0f\x00\r\x00\x00\ngoogle.com\x00\x0b\…
[18:10:33.449][127.0.0.1:54978]           << TlsClienthelloHook(data=ClientHelloData(context=Context(
            Client({'id': '…3a76d3', 'peername': ('127.0.0.1', 54978), 'sockname': ('127.0.0.1', 8080), 'timestamp_start': 1676916633.4191632, 'state': <ConnectionState.OPEN: 3>, 'transport_protocol': 'tcp', 'proxy_mode': ProxyMode.parse('regular'), 'tls': True, 'sni': 'google.com', 'alpn_offers': []}),
            Server({'id': '…131765', 'address': ('google.com', 443), 'state': <ConnectionState.OPEN: 3>, 'transport_protocol': 'tcp', 'sockname': ('192.168.128.139', 3…
[18:10:33.450][127.0.0.1:54978]         << TlsClienthelloHook(data=ClientHelloData(context=Context(
[18:10:33.450][127.0.0.1:54978]         << TlsClienthelloHook(data=ClientHelloData(context=Context(
[18:10:33.450][127.0.0.1:54978]       << TlsClienthelloHook(data=ClientHelloData(context=Context(
[18:10:33.451][127.0.0.1:54978]     << TlsClienthelloHook(data=ClientHelloData(context=Context(
[18:10:33.451][127.0.0.1:54978]   << TlsClienthelloHook(data=ClientHelloData(context=Context(
[18:10:33.453][127.0.0.1:54978]   >> Reply(TlsClienthelloHook(data=ClientHelloData(context=Context(
    Client({'id': '…3a76d3', 'peername': ('127.0.0.1', 54978), 'sockname': ('127.0.0.1', 8080), 'timestamp_start': 1676916633.4191632, 'state': <ConnectionState.OPEN: 3>, 'transport_protocol': 'tcp', 'proxy_mode': ProxyMode.parse('regular'), 'tls': True, 'sni': 'google.com', 'alpn_offers': []}),
    Server({'id': '…131765', 'address': ('google.com', 443), 'state': <ConnectionState.OPEN: 3>, 'transport_protocol': 'tcp', 'sockname': ('192.168.128.1…
[18:10:33.454][127.0.0.1:54978]     >> Reply(TlsClienthelloHook(data=ClientHelloData(context=Context(
[18:10:33.454][127.0.0.1:54978]       >> Reply(TlsClienthelloHook(data=ClientHelloData(context=Context(
[18:10:33.454][127.0.0.1:54978]         >> Reply(TlsClienthelloHook(data=ClientHelloData(context=Context(
[18:10:33.455][127.0.0.1:54978]           >> Reply(TlsClienthelloHook(data=ClientHelloData(context=Context(
[18:10:33.455][127.0.0.1:54978]           << OpenConnection({'connection': Server({'id': '…131765', 'address': ('google.com', 443), 'state': <ConnectionState.OPEN: 3>, 'transport_protocol': 'tcp', 'sockname': ('192.168.128.139', 39616), 'timestamp_start': 1676916633.4307096, 'timestamp_tcp_setup': 1676916633.4401586, 'peername': ('172.217.27.14', 443), 'tls': True})})
[18:10:33.455][127.0.0.1:54978]         << TlsStartServerHook(data=TlsData(conn=Server({'id': '…131765', 'address': ('google.com', 443), 'state': <ConnectionState.OPEN: 3>, 'transport_protocol': 'tcp', 'sockname': ('192.168.128.139', 39616), 'timestamp_start': 1676916633.4307096, 'timestamp_tcp_setup': 1676916633.4401586, 'peername': ('172.217.27.14', 443), 'tls': True}), context=Context(
          Client({'id': '…3a76d3', 'peername': ('127.0.0.1', 54978), 'sockname': ('127.0.0.1', 8080), 'timestamp_start': 1676916633.4191632, 'state': <ConnectionState.O…
[18:10:33.455][127.0.0.1:54978]       << TlsStartServerHook(data=TlsData(conn=Server({'id': '…131765', 'address': ('google.com', 443), 'state': <ConnectionState.OPEN: 3>, 'transport_protocol': 'tcp', 'sockname': ('192.168.128.139', 39616), 'timestamp_start': 1676916633.4307096, 'timestamp_tcp_…
[18:10:33.455][127.0.0.1:54978]     << TlsStartServerHook(data=TlsData(conn=Server({'id': '…131765', 'address': ('google.com', 443), 'state': <ConnectionState.OPEN: 3>, 'transport_protocol': 'tcp', 'sockname': ('192.168.128.139', 39616), 'timestamp_start': 1676916633.4307096, 'timestamp_tcp_…
[18:10:33.456][127.0.0.1:54978]   << TlsStartServerHook(data=TlsData(conn=Server({'id': '…131765', 'address': ('google.com', 443), 'state': <ConnectionState.OPEN: 3>, 'transport_protocol': 'tcp', 'sockname': ('192.168.128.139', 39616), 'timestamp_start': 1676916633.4307096, 'timestamp_tcp_…
[18:10:33.490][127.0.0.1:54978]   >> Reply(TlsStartServerHook(data=TlsData(conn=Server({'id': '…131765', 'address': ('google.com', 443), 'state': <ConnectionState.OPEN: 3>, 'transport_protocol': 'tcp', 'sockname': ('192.168.128.139', 39616), 'timestamp_start': 1676916633.4307096, 'timestamp_tcp_setup': 1676916633.4401586, 'peername': ('172.217.27.14', 443), 'tls': True, 'sni': 'google.com', 'alpn_offers': []}), context=Context(
    Client({'id': '…3a76d3', 'peername': ('127.0.0.1', 54978), 'sockname': ('127.0.0.1', 8080), 'timestamp_start': 1…
[18:10:33.490][127.0.0.1:54978]     >> Reply(TlsStartServerHook(data=TlsData(conn=Server({'id': '…131765', 'address': ('google.com', 443), 'state': <ConnectionState.OPEN: 3>, 'transport_protocol': 'tcp', 'sockname': ('192.168.128.139', 39616), 'timestamp_start': 1676916633.4307096, 'timestam…
[18:10:33.490][127.0.0.1:54978]       >> Reply(TlsStartServerHook(data=TlsData(conn=Server({'id': '…131765', 'address': ('google.com', 443), 'state': <ConnectionState.OPEN: 3>, 'transport_protocol': 'tcp', 'sockname': ('192.168.128.139', 39616), 'timestamp_start': 1676916633.4307096, 'timestam…
[18:10:33.491][127.0.0.1:54978]         >> Reply(TlsStartServerHook(data=TlsData(conn=Server({'id': '…131765', 'address': ('google.com', 443), 'state': <ConnectionState.OPEN: 3>, 'transport_protocol': 'tcp', 'sockname': ('192.168.128.139', 39616), 'timestamp_start': 1676916633.4307096, 'timestam…
[18:10:33.491][127.0.0.1:54978]         << SendData(server, b"\x16\x03\x01\x01/\x01\x00\x01+\x03\x03\xb0\xdc\xd7\x16\xc3\xe3l\x90\xcd)\x98`~\x9c\xfa\xab*\x89\xfe\xfb\xca\xc7\xb1\\\x1b:\x83\xc5\x87\xc2\x00\xb7 \xc7\x8d5\xf5!\xf3\x8f\xa4\xa0\xa1/\x0c=\xe4 \xfa\x11\xf0\xe6\xf2\x8e\xdcP\xbb0WS\x8bqe\xd0\xca\x00:\x13\x02\x13\x03\x13\x01\xc0+\xc0/\xc0,\xc00\xcc\xa9\xcc\xa8\x00\x9e\x00\x9f\xcc\xaa\xc0#\xc0'\xc0\t\xc0\x13\xc0$\xc0(\xc0\n\xc0\x14\x00g\x00k\x00\x9c\x00\x9d\x00<\x00=\x00/\x005\x00\xff\x01\x00\x00\xa8\x00\x00\x00\x0f\x00\r\x00\x00\ngoogle.co…
[18:10:33.491][127.0.0.1:54978]       << SendData(server, b"\x16\x03\x01\x01/\x01\x00\x01+\x03\x03\xb0\xdc\xd7\x16\xc3\xe3l\x90\xcd)\x98`~\x9c\xfa\xab*\x89\xfe\xfb\xca\xc7\xb1\\\x1b:\x83\xc5\x87\xc2\x00\xb7 \xc7\x8d5\xf5!\xf3\x8f\xa4\xa0\xa1/\x0c=\xe4 \xfa\x11\xf0\xe6\xf2\x8e\xdcP\xbb0WS\x8bqe…
[18:10:33.491][127.0.0.1:54978]     << SendData(server, b"\x16\x03\x01\x01/\x01\x00\x01+\x03\x03\xb0\xdc\xd7\x16\xc3\xe3l\x90\xcd)\x98`~\x9c\xfa\xab*\x89\xfe\xfb\xca\xc7\xb1\\\x1b:\x83\xc5\x87\xc2\x00\xb7 \xc7\x8d5\xf5!\xf3\x8f\xa4\xa0\xa1/\x0c=\xe4 \xfa\x11\xf0\xe6\xf2\x8e\xdcP\xbb0WS\x8bqe…
[18:10:33.491][127.0.0.1:54978]   << SendData(server, b"\x16\x03\x01\x01/\x01\x00\x01+\x03\x03\xb0\xdc\xd7\x16\xc3\xe3l\x90\xcd)\x98`~\x9c\xfa\xab*\x89\xfe\xfb\xca\xc7\xb1\\\x1b:\x83\xc5\x87\xc2\x00\xb7 \xc7\x8d5\xf5!\xf3\x8f\xa4\xa0\xa1/\x0c=\xe4 \xfa\x11\xf0\xe6\xf2\x8e\xdcP\xbb0WS\x8bqe…
[18:10:33.508][127.0.0.1:54978]   >> DataReceived(server, b'\x16\x03\x03\x00z\x02\x00\x00v\x03\x03\t_wK\xae\xefv\x9c\xfb\x11\x88\xe4B\x9b\xb1\xce\x86\xac\xe7T\xeb\xb97q\xb8\xbd)B\xd6\x88T\xc7 \xc7\x8d5\xf5!\xf3\x8f\xa4\xa0\xa1/\x0c=\xe4 \xfa\x11\xf0\xe6\xf2\x8e\xdcP\xbb0WS\x8bqe\xd0\xca\x13\x02\x00\x00.\x003\x00$\x00\x1d\x00 \xf5\x11\x1e\xbc\xcb\x81\xcc\x1c\xbc;"]\x04\xf8KU=\xfa\xef\x1e\x88\xc5\x9f9bVWQ\x9f\x13k2\x00+\x00\x02\x03\x04\x14\x03\x03\x00\x01\x01\x17\x03\x03\x19\xf1\xf2\xf3]L\x87\xe3\xf7(\x1e\xa7N\x8c\xd3\x82\x9d<r \xf0\x19 \xb2\…
[18:10:33.508][127.0.0.1:54978]     >> DataReceived(server, b'\x16\x03\x03\x00z\x02\x00\x00v\x03\x03\t_wK\xae\xefv\x9c\xfb\x11\x88\xe4B\x9b\xb1\xce\x86\xac\xe7T\xeb\xb97q\xb8\xbd)B\xd6\x88T\xc7 \xc7\x8d5\xf5!\xf3\x8f\xa4\xa0\xa1/\x0c=\xe4 \xfa\x11\xf0\xe6\xf2\x8e\xdcP\xbb0WS\x8bqe\xd0\xca\x1…
[18:10:33.509][127.0.0.1:54978]       >> DataReceived(server, b'\x16\x03\x03\x00z\x02\x00\x00v\x03\x03\t_wK\xae\xefv\x9c\xfb\x11\x88\xe4B\x9b\xb1\xce\x86\xac\xe7T\xeb\xb97q\xb8\xbd)B\xd6\x88T\xc7 \xc7\x8d5\xf5!\xf3\x8f\xa4\xa0\xa1/\x0c=\xe4 \xfa\x11\xf0\xe6\xf2\x8e\xdcP\xbb0WS\x8bqe\xd0\xca\x1…
[18:10:33.509][127.0.0.1:54978]         >> DataReceived(server, b'\x16\x03\x03\x00z\x02\x00\x00v\x03\x03\t_wK\xae\xefv\x9c\xfb\x11\x88\xe4B\x9b\xb1\xce\x86\xac\xe7T\xeb\xb97q\xb8\xbd)B\xd6\x88T\xc7 \xc7\x8d5\xf5!\xf3\x8f\xa4\xa0\xa1/\x0c=\xe4 \xfa\x11\xf0\xe6\xf2\x8e\xdcP\xbb0WS\x8bqe\xd0\xca\x1…
[18:10:33.510][127.0.0.1:54978]   >> DataReceived(server, b'\xd0;\x86\xdd\xa5\x15\x8c@h/8Y`NX\x90R^AG\xe9\xff#\x81\xbdJ\x8f\x89\xcd\x12wM}\xb5%\xe4p,8C;\xffy\xac\x99\xd1c\xae\x98\x81p\xbf\xd0=/o_s\xe2ZE\x8di\xb5{\xb7\xdd\x8d\xc7fMQ\x05\xf9[j-\xa3\xe5=\xac\xcd<\xa9\x98~\xb7\x06\x82\x83\x05\x1a\xf5\x9e\xb8\xe2\xb2\xec\xde.\xd7I\xa2\xbf\xf8\x14uI\xdc~#\xf0\x97\xcf\xd6\xe9\xb9\x1d\xe4\xe3\x9e=g/\x8e\x8f\xa02\xeb}Ce\xcc]\x8as\xc8\xbe\x9b\x0c\x92/\x03\xb0f\x0er2r\xd7\xfb\x8f\xeb\xfa\x16\x1d\x95\xee\x16\x8a\xfa\xd5k\x16\x03P1\xad\xf2\xd2\n\xb3# \x…
[18:10:33.510][127.0.0.1:54978]     >> DataReceived(server, b'\xd0;\x86\xdd\xa5\x15\x8c@h/8Y`NX\x90R^AG\xe9\xff#\x81\xbdJ\x8f\x89\xcd\x12wM}\xb5%\xe4p,8C;\xffy\xac\x99\xd1c\xae\x98\x81p\xbf\xd0=/o_s\xe2ZE\x8di\xb5{\xb7\xdd\x8d\xc7fMQ\x05\xf9[j-\xa3\xe5=\xac\xcd<\xa9\x98~\xb7\x06\x82\x83\x05\…
[18:10:33.510][127.0.0.1:54978]       >> DataReceived(server, b'\xd0;\x86\xdd\xa5\x15\x8c@h/8Y`NX\x90R^AG\xe9\xff#\x81\xbdJ\x8f\x89\xcd\x12wM}\xb5%\xe4p,8C;\xffy\xac\x99\xd1c\xae\x98\x81p\xbf\xd0=/o_s\xe2ZE\x8di\xb5{\xb7\xdd\x8d\xc7fMQ\x05\xf9[j-\xa3\xe5=\xac\xcd<\xa9\x98~\xb7\x06\x82\x83\x05\…
[18:10:33.510][127.0.0.1:54978]         >> DataReceived(server, b'\xd0;\x86\xdd\xa5\x15\x8c@h/8Y`NX\x90R^AG\xe9\xff#\x81\xbdJ\x8f\x89\xcd\x12wM}\xb5%\xe4p,8C;\xffy\xac\x99\xd1c\xae\x98\x81p\xbf\xd0=/o_s\xe2ZE\x8di\xb5{\xb7\xdd\x8d\xc7fMQ\x05\xf9[j-\xa3\xe5=\xac\xcd<\xa9\x98~\xb7\x06\x82\x83\x05\…
[18:10:33.512][127.0.0.1:54978]         [tls] tls established: Server(google.com:443, state=open, tls, src_port=39616)
[18:10:33.514][127.0.0.1:54978]         << TlsEstablishedServerHook(data=TlsData(conn=Server({'id': '…131765', 'address': ('google.com', 443), 'state': <ConnectionState.OPEN: 3>, 'transport_protocol': 'tcp', 'sockname': ('192.168.128.139', 39616), 'timestamp_start': 1676916633.4307096, 'timestamp_tcp_setup': 1676916633.4401586, 'peername': ('172.217.27.14', 443), 'tls': True, 'sni': 'google.com', 'alpn_offers': [], 'timestamp_tls_setup': 1676916633.5123706, 'alpn': b'', 'certificate_list': [<Cert(cn='*.google.com', altnames=['*.google.com', '*.ap…
[18:10:33.514][127.0.0.1:54978]       << TlsEstablishedServerHook(data=TlsData(conn=Server({'id': '…131765', 'address': ('google.com', 443), 'state': <ConnectionState.OPEN: 3>, 'transport_protocol': 'tcp', 'sockname': ('192.168.128.139', 39616), 'timestamp_start': 1676916633.4307096, 'timestam…
[18:10:33.515][127.0.0.1:54978]     << TlsEstablishedServerHook(data=TlsData(conn=Server({'id': '…131765', 'address': ('google.com', 443), 'state': <ConnectionState.OPEN: 3>, 'transport_protocol': 'tcp', 'sockname': ('192.168.128.139', 39616), 'timestamp_start': 1676916633.4307096, 'timestam…
[18:10:33.516][127.0.0.1:54978]   << TlsEstablishedServerHook(data=TlsData(conn=Server({'id': '…131765', 'address': ('google.com', 443), 'state': <ConnectionState.OPEN: 3>, 'transport_protocol': 'tcp', 'sockname': ('192.168.128.139', 39616), 'timestamp_start': 1676916633.4307096, 'timestam…
[18:10:33.517][127.0.0.1:54978]   >> Reply(TlsEstablishedServerHook(data=TlsData(conn=Server({'id': '…131765', 'address': ('google.com', 443), 'state': <ConnectionState.OPEN: 3>, 'transport_protocol': 'tcp', 'sockname': ('192.168.128.139', 39616), 'timestamp_start': 1676916633.4307096, 'timestamp_tcp_setup': 1676916633.4401586, 'peername': ('172.217.27.14', 443), 'tls': True, 'sni': 'google.com', 'alpn_offers': [], 'timestamp_tls_setup': 1676916633.5123706, 'alpn': b'', 'certificate_list': [<Cert(cn='*.google.com', altnames=['*.google.com',…
[18:10:33.518][127.0.0.1:54978]     >> Reply(TlsEstablishedServerHook(data=TlsData(conn=Server({'id': '…131765', 'address': ('google.com', 443), 'state': <ConnectionState.OPEN: 3>, 'transport_protocol': 'tcp', 'sockname': ('192.168.128.139', 39616), 'timestamp_start': 1676916633.4307096, 'ti…
[18:10:33.519][127.0.0.1:54978]       >> Reply(TlsEstablishedServerHook(data=TlsData(conn=Server({'id': '…131765', 'address': ('google.com', 443), 'state': <ConnectionState.OPEN: 3>, 'transport_protocol': 'tcp', 'sockname': ('192.168.128.139', 39616), 'timestamp_start': 1676916633.4307096, 'ti…
[18:10:33.520][127.0.0.1:54978]         >> Reply(TlsEstablishedServerHook(data=TlsData(conn=Server({'id': '…131765', 'address': ('google.com', 443), 'state': <ConnectionState.OPEN: 3>, 'transport_protocol': 'tcp', 'sockname': ('192.168.128.139', 39616), 'timestamp_start': 1676916633.4307096, 'ti…
[18:10:33.520][127.0.0.1:54978]         << SendData(server, b'\x14\x03\x03\x00\x01\x01\x17\x03\x03\x00E\xbe\xfd8\xa3\x16\x05\x04h\xa1O5\xfboC\x83i\xedz\xb3\xfd\xd7\x14r\x11T\xf5BRz\xb2a{]i\x1b\xdb_4\xe4w\xc2[\xfdK\xcdn6\x914\xecF\xdd\x9f\x16,\xef\xf0\xf5\x90\xbf\xe2\xba1[1\x98,\xc5P')
[18:10:33.520][127.0.0.1:54978]       << SendData(server, b'\x14\x03\x03\x00\x01\x01\x17\x03\x03\x00E\xbe\xfd8\xa3\x16\x05\x04h\xa1O5\xfboC\x83i\xedz\xb3\xfd\xd7\x14r\x11T\xf5BRz\xb2a{]i\x1b\xdb_4\xe4w\xc2[\xfdK\xcdn6\x914\xecF\xdd\x9f\x16,\xef\xf0\xf5\x90\xbf\xe2\xba1[1\x98,\xc5P')
[18:10:33.520][127.0.0.1:54978]     << SendData(server, b'\x14\x03\x03\x00\x01\x01\x17\x03\x03\x00E\xbe\xfd8\xa3\x16\x05\x04h\xa1O5\xfboC\x83i\xedz\xb3\xfd\xd7\x14r\x11T\xf5BRz\xb2a{]i\x1b\xdb_4\xe4w\xc2[\xfdK\xcdn6\x914\xecF\xdd\x9f\x16,\xef\xf0\xf5\x90\xbf\xe2\xba1[1\x98,\xc5P')
[18:10:33.520][127.0.0.1:54978]   << SendData(server, b'\x14\x03\x03\x00\x01\x01\x17\x03\x03\x00E\xbe\xfd8\xa3\x16\x05\x04h\xa1O5\xfboC\x83i\xedz\xb3\xfd\xd7\x14r\x11T\xf5BRz\xb2a{]i\x1b\xdb_4\xe4w\xc2[\xfdK\xcdn6\x914\xecF\xdd\x9f\x16,\xef\xf0\xf5\x90\xbf\xe2\xba1[1\x98,\xc5P')
[18:10:33.521][127.0.0.1:54978]           >> Reply(OpenConnection({'connection': Server({'id': '…131765', 'address': ('google.com', 443), 'state': <ConnectionState.OPEN: 3>, 'transport_protocol': 'tcp', 'sockname': ('192.168.128.139', 39616), 'timestamp_start': 1676916633.4307096, 'timestamp_tcp_setup': 1676916633.4401586, 'peername': ('172.217.27.14', 443), 'tls': True, 'sni': 'google.com', 'alpn_offers': [], 'timestamp_tls_setup': 1676916633.5123706, 'alpn': b'', 'certificate_list': [<Cert(cn='*.google.com', altnames=['*.google.com', '*.appengine…
[18:10:33.521][127.0.0.1:54978]           << TlsStartClientHook(data=TlsData(conn=Client({'id': '…3a76d3', 'peername': ('127.0.0.1', 54978), 'sockname': ('127.0.0.1', 8080), 'timestamp_start': 1676916633.4191632, 'state': <ConnectionState.OPEN: 3>, 'transport_protocol': 'tcp', 'proxy_mode': ProxyMode.parse('regular'), 'tls': True, 'sni': 'google.com', 'alpn_offers': []}), context=Context(
            Client({'id': '…3a76d3', 'peername': ('127.0.0.1', 54978), 'sockname': ('127.0.0.1', 8080), 'timestamp_start': 1676916633.4191632, 'state': <ConnectionState.OPE…
[18:10:33.521][127.0.0.1:54978]         << TlsStartClientHook(data=TlsData(conn=Client({'id': '…3a76d3', 'peername': ('127.0.0.1', 54978), 'sockname': ('127.0.0.1', 8080), 'timestamp_start': 1676916633.4191632, 'state': <ConnectionState.OPEN: 3>, 'transport_protocol': 'tcp', 'proxy_mode': ProxyM…
[18:10:33.522][127.0.0.1:54978]       << TlsStartClientHook(data=TlsData(conn=Client({'id': '…3a76d3', 'peername': ('127.0.0.1', 54978), 'sockname': ('127.0.0.1', 8080), 'timestamp_start': 1676916633.4191632, 'state': <ConnectionState.OPEN: 3>, 'transport_protocol': 'tcp', 'proxy_mode': ProxyM…
[18:10:33.522][127.0.0.1:54978]     << TlsStartClientHook(data=TlsData(conn=Client({'id': '…3a76d3', 'peername': ('127.0.0.1', 54978), 'sockname': ('127.0.0.1', 8080), 'timestamp_start': 1676916633.4191632, 'state': <ConnectionState.OPEN: 3>, 'transport_protocol': 'tcp', 'proxy_mode': ProxyM…
[18:10:33.523][127.0.0.1:54978]   << TlsStartClientHook(data=TlsData(conn=Client({'id': '…3a76d3', 'peername': ('127.0.0.1', 54978), 'sockname': ('127.0.0.1', 8080), 'timestamp_start': 1676916633.4191632, 'state': <ConnectionState.OPEN: 3>, 'transport_protocol': 'tcp', 'proxy_mode': ProxyM…
[18:10:33.532][127.0.0.1:54978]   >> Reply(TlsStartClientHook(data=TlsData(conn=Client({'id': '…3a76d3', 'peername': ('127.0.0.1', 54978), 'sockname': ('127.0.0.1', 8080), 'timestamp_start': 1676916633.4191632, 'state': <ConnectionState.OPEN: 3>, 'transport_protocol': 'tcp', 'proxy_mode': ProxyMode.parse('regular'), 'tls': True, 'sni': 'google.com', 'alpn_offers': []}), context=Context(
    Client({'id': '…3a76d3', 'peername': ('127.0.0.1', 54978), 'sockname': ('127.0.0.1', 8080), 'timestamp_start': 1676916633.4191632, 'state': <ConnectionSta…
[18:10:33.532][127.0.0.1:54978]     >> Reply(TlsStartClientHook(data=TlsData(conn=Client({'id': '…3a76d3', 'peername': ('127.0.0.1', 54978), 'sockname': ('127.0.0.1', 8080), 'timestamp_start': 1676916633.4191632, 'state': <ConnectionState.OPEN: 3>, 'transport_protocol': 'tcp', 'proxy_mode': …
[18:10:33.533][127.0.0.1:54978]       >> Reply(TlsStartClientHook(data=TlsData(conn=Client({'id': '…3a76d3', 'peername': ('127.0.0.1', 54978), 'sockname': ('127.0.0.1', 8080), 'timestamp_start': 1676916633.4191632, 'state': <ConnectionState.OPEN: 3>, 'transport_protocol': 'tcp', 'proxy_mode': …
[18:10:33.533][127.0.0.1:54978]         >> Reply(TlsStartClientHook(data=TlsData(conn=Client({'id': '…3a76d3', 'peername': ('127.0.0.1', 54978), 'sockname': ('127.0.0.1', 8080), 'timestamp_start': 1676916633.4191632, 'state': <ConnectionState.OPEN: 3>, 'transport_protocol': 'tcp', 'proxy_mode': …
[18:10:33.534][127.0.0.1:54978]           >> Reply(TlsStartClientHook(data=TlsData(conn=Client({'id': '…3a76d3', 'peername': ('127.0.0.1', 54978), 'sockname': ('127.0.0.1', 8080), 'timestamp_start': 1676916633.4191632, 'state': <ConnectionState.OPEN: 3>, 'transport_protocol': 'tcp', 'proxy_mode': …
[18:10:33.534][127.0.0.1:54978] Client TLS handshake failed. The client may not trust the proxy's certificate for google.com (OpenSSL Error([('SSL routines', '', 'no shared cipher')]))
[18:10:33.534][127.0.0.1:54978]           << TlsFailedClientHook(data=TlsData(conn=Client({'id': '…3a76d3', 'peername': ('127.0.0.1', 54978), 'sockname': ('127.0.0.1', 8080), 'timestamp_start': 1676916633.4191632, 'state': <ConnectionState.OPEN: 3>, 'transport_protocol': 'tcp', 'proxy_mode': ProxyMode.parse('regular'), 'tls': True, 'sni': 'google.com', 'alpn_offers': [], 'error': "The client may not trust the proxy's certificate for google.com (OpenSSL Error([('SSL routines', '', 'no shared cipher')]))"}), context=Context(
            Client({'id': '…3a76d3'…
[18:10:33.535][127.0.0.1:54978]         << TlsFailedClientHook(data=TlsData(conn=Client({'id': '…3a76d3', 'peername': ('127.0.0.1', 54978), 'sockname': ('127.0.0.1', 8080), 'timestamp_start': 1676916633.4191632, 'state': <ConnectionState.OPEN: 3>, 'transport_protocol': 'tcp', 'proxy_mode': Proxy…
[18:10:33.535][127.0.0.1:54978]       << TlsFailedClientHook(data=TlsData(conn=Client({'id': '…3a76d3', 'peername': ('127.0.0.1', 54978), 'sockname': ('127.0.0.1', 8080), 'timestamp_start': 1676916633.4191632, 'state': <ConnectionState.OPEN: 3>, 'transport_protocol': 'tcp', 'proxy_mode': Proxy…
[18:10:33.536][127.0.0.1:54978]     << TlsFailedClientHook(data=TlsData(conn=Client({'id': '…3a76d3', 'peername': ('127.0.0.1', 54978), 'sockname': ('127.0.0.1', 8080), 'timestamp_start': 1676916633.4191632, 'state': <ConnectionState.OPEN: 3>, 'transport_protocol': 'tcp', 'proxy_mode': Proxy…
[18:10:33.536][127.0.0.1:54978]   << TlsFailedClientHook(data=TlsData(conn=Client({'id': '…3a76d3', 'peername': ('127.0.0.1', 54978), 'sockname': ('127.0.0.1', 8080), 'timestamp_start': 1676916633.4191632, 'state': <ConnectionState.OPEN: 3>, 'transport_protocol': 'tcp', 'proxy_mode': Proxy…
[18:10:33.538][127.0.0.1:54978]   >> Reply(TlsFailedClientHook(data=TlsData(conn=Client({'id': '…3a76d3', 'peername': ('127.0.0.1', 54978), 'sockname': ('127.0.0.1', 8080), 'timestamp_start': 1676916633.4191632, 'state': <ConnectionState.OPEN: 3>, 'transport_protocol': 'tcp', 'proxy_mode': ProxyMode.parse('regular'), 'tls': True, 'sni': 'google.com', 'alpn_offers': [], 'error': "The client may not trust the proxy's certificate for google.com (OpenSSL Error([('SSL routines', '', 'no shared cipher')]))"}), context=Context(
    Client({'id': '…3…
[18:10:33.538][127.0.0.1:54978]     >> Reply(TlsFailedClientHook(data=TlsData(conn=Client({'id': '…3a76d3', 'peername': ('127.0.0.1', 54978), 'sockname': ('127.0.0.1', 8080), 'timestamp_start': 1676916633.4191632, 'state': <ConnectionState.OPEN: 3>, 'transport_protocol': 'tcp', 'proxy_mode':…
[18:10:33.539][127.0.0.1:54978]       >> Reply(TlsFailedClientHook(data=TlsData(conn=Client({'id': '…3a76d3', 'peername': ('127.0.0.1', 54978), 'sockname': ('127.0.0.1', 8080), 'timestamp_start': 1676916633.4191632, 'state': <ConnectionState.OPEN: 3>, 'transport_protocol': 'tcp', 'proxy_mode':…
[18:10:33.539][127.0.0.1:54978]         >> Reply(TlsFailedClientHook(data=TlsData(conn=Client({'id': '…3a76d3', 'peername': ('127.0.0.1', 54978), 'sockname': ('127.0.0.1', 8080), 'timestamp_start': 1676916633.4191632, 'state': <ConnectionState.OPEN: 3>, 'transport_protocol': 'tcp', 'proxy_mode':…
[18:10:33.540][127.0.0.1:54978]           >> Reply(TlsFailedClientHook(data=TlsData(conn=Client({'id': '…3a76d3', 'peername': ('127.0.0.1', 54978), 'sockname': ('127.0.0.1', 8080), 'timestamp_start': 1676916633.4191632, 'state': <ConnectionState.OPEN: 3>, 'transport_protocol': 'tcp', 'proxy_mode':…
[18:10:33.540][127.0.0.1:54978]           << CloseConnection({'connection': Client({'id': '…3a76d3', 'peername': ('127.0.0.1', 54978), 'sockname': ('127.0.0.1', 8080), 'timestamp_start': 1676916633.4191632, 'state': <ConnectionState.OPEN: 3>, 'transport_protocol': 'tcp', 'proxy_mode': ProxyMode.parse('regular'), 'tls': True, 'sni': 'google.com', 'alpn_offers': [], 'error': "The client may not trust the proxy's certificate for google.com (OpenSSL Error([('SSL routines', '', 'no shared cipher')]))"}), 'half_close': False})
[18:10:33.540][127.0.0.1:54978]         << CloseConnection({'connection': Client({'id': '…3a76d3', 'peername': ('127.0.0.1', 54978), 'sockname': ('127.0.0.1', 8080), 'timestamp_start': 1676916633.4191632, 'state': <ConnectionState.OPEN: 3>, 'transport_protocol': 'tcp', 'proxy_mode': ProxyMode.pa…
[18:10:33.540][127.0.0.1:54978]       << Send(ResponseProtocolError(stream_id=1, message='EOF', code=502))
[18:10:33.540][127.0.0.1:54978]       >> ResponseProtocolError(stream_id=1, message='EOF', code=502)
[18:10:33.540][127.0.0.1:54978]       << CloseConnection({'connection': Client({'id': '…3a76d3', 'peername': ('127.0.0.1', 54978), 'sockname': ('127.0.0.1', 8080), 'timestamp_start': 1676916633.4191632, 'state': <ConnectionState.OPEN: 3>, 'transport_protocol': 'tcp', 'proxy_mode': ProxyMode.parse('regular'), 'tls': True, 'sni': 'google.com', 'alpn_offers': [], 'error': "The client may not trust the proxy's certificate for google.com (OpenSSL Error([('SSL routines', '', 'no shared cipher')]))"}), 'half_close': False})
[18:10:33.541][127.0.0.1:54978]     << CloseConnection({'connection': Client({'id': '…3a76d3', 'peername': ('127.0.0.1', 54978), 'sockname': ('127.0.0.1', 8080), 'timestamp_start': 1676916633.4191632, 'state': <ConnectionState.OPEN: 3>, 'transport_protocol': 'tcp', 'proxy_mode': ProxyMode.pa…
[18:10:33.541][127.0.0.1:54978]   << CloseConnection({'connection': Client({'id': '…3a76d3', 'peername': ('127.0.0.1', 54978), 'sockname': ('127.0.0.1', 8080), 'timestamp_start': 1676916633.4191632, 'state': <ConnectionState.OPEN: 3>, 'transport_protocol': 'tcp', 'proxy_mode': ProxyMode.pa…
[18:10:33.541][127.0.0.1:54978] Swallowing Start({}) as handshake failed.
[18:10:33.542][127.0.0.1:54978]   >> ConnectionClosed(connection=Client({'id': '…3a76d3', 'peername': ('127.0.0.1', 54978), 'sockname': ('127.0.0.1', 8080), 'timestamp_start': 1676916633.4191632, 'state': <ConnectionState.CLOSED: 0>, 'transport_protocol': 'tcp', 'proxy_mode': ProxyMode.parse('regular'), 'tls': True, 'sni': 'google.com', 'alpn_offers': [], 'error': "The client may not trust the proxy's certificate for google.com (OpenSSL Error([('SSL routines', '', 'no shared cipher')]))"}))
[18:10:33.542][127.0.0.1:54978]     >> ConnectionClosed(connection=Client({'id': '…3a76d3', 'peername': ('127.0.0.1', 54978), 'sockname': ('127.0.0.1', 8080), 'timestamp_start': 1676916633.4191632, 'state': <ConnectionState.CLOSED: 0>, 'transport_protocol': 'tcp', 'proxy_mode': ProxyMode.par…
[18:10:33.542][127.0.0.1:54978]       >> ConnectionClosed(connection=Client({'id': '…3a76d3', 'peername': ('127.0.0.1', 54978), 'sockname': ('127.0.0.1', 8080), 'timestamp_start': 1676916633.4191632, 'state': <ConnectionState.CLOSED: 0>, 'transport_protocol': 'tcp', 'proxy_mode': ProxyMode.par…
[18:10:33.542][127.0.0.1:54978]       << Receive(RequestEndOfMessage(stream_id=1))
[18:10:33.543][127.0.0.1:54978]       >> RequestEndOfMessage(stream_id=1)
[18:10:33.543][127.0.0.1:54978]         >> ConnectionClosed(connection=Client({'id': '…3a76d3', 'peername': ('127.0.0.1', 54978), 'sockname': ('127.0.0.1', 8080), 'timestamp_start': 1676916633.4191632, 'state': <ConnectionState.CLOSED: 0>, 'transport_protocol': 'tcp', 'proxy_mode': ProxyMode.parse('regular'), 'tls': True, 'sni': 'google.com', 'alpn_offers': [], 'error': "The client may not trust the proxy's certificate for google.com (OpenSSL Error([('SSL routines', '', 'no shared cipher')]))"}))
[18:10:33.543][127.0.0.1:54978]           >> ConnectionClosed(connection=Client({'id': '…3a76d3', 'peername': ('127.0.0.1', 54978), 'sockname': ('127.0.0.1', 8080), 'timestamp_start': 1676916633.4191632, 'state': <ConnectionState.CLOSED: 0>, 'transport_protocol': 'tcp', 'proxy_mode': ProxyMode.par…
[18:10:33.544][127.0.0.1:54978] client disconnect
[18:10:33.544][127.0.0.1:54978] closing transports...
[18:10:33.545][127.0.0.1:54978]   >> ConnectionClosed(connection=Server({'id': '…131765', 'address': ('google.com', 443), 'state': <ConnectionState.CLOSED: 0>, 'transport_protocol': 'tcp', 'sockname': ('192.168.128.139', 39616), 'timestamp_start': 1676916633.4307096, 'timestamp_tcp_setup': 1676916633.4401586, 'peername': ('172.217.27.14', 443), 'tls': True, 'sni': 'google.com', 'alpn_offers': [], 'timestamp_tls_setup': 1676916633.5123706, 'alpn': b'', 'certificate_list': [<Cert(cn='*.google.com', altnames=['*.google.com', '*.appengine.googl…
[18:10:33.545][127.0.0.1:54978]     >> ConnectionClosed(connection=Server({'id': '…131765', 'address': ('google.com', 443), 'state': <ConnectionState.CLOSED: 0>, 'transport_protocol': 'tcp', 'sockname': ('192.168.128.139', 39616), 'timestamp_start': 1676916633.4307096, 'timestamp_tcp_setup':…
[18:10:33.546][127.0.0.1:54978]       >> ConnectionClosed(connection=Server({'id': '…131765', 'address': ('google.com', 443), 'state': <ConnectionState.CLOSED: 0>, 'transport_protocol': 'tcp', 'sockname': ('192.168.128.139', 39616), 'timestamp_start': 1676916633.4307096, 'timestamp_tcp_setup':…
[18:10:33.546][127.0.0.1:54978]         >> ConnectionClosed(connection=Server({'id': '…131765', 'address': ('google.com', 443), 'state': <ConnectionState.CLOSED: 0>, 'transport_protocol': 'tcp', 'sockname': ('192.168.128.139', 39616), 'timestamp_start': 1676916633.4307096, 'timestamp_tcp_setup':…
[18:10:33.547][127.0.0.1:54978]           >> ConnectionClosed(connection=Server({'id': '…131765', 'address': ('google.com', 443), 'state': <ConnectionState.CLOSED: 0>, 'transport_protocol': 'tcp', 'sockname': ('192.168.128.139', 39616), 'timestamp_start': 1676916633.4307096, 'timestamp_tcp_setup':…
[18:10:33.547][127.0.0.1:54978] Swallowing ConnectionClosed(connection=Server({'id': '…131765', 'address': ('google.com', 443), 'state': <ConnectionState.CLOSED: 0>, 'transport_protocol': 'tcp', 'sockname': ('192.168.128.139', 39616), 'timestamp_start': 1676916633.4307096, 'timestamp_tcp_setup': 1676916633.4401586, 'peername': ('172.217.27.14', 443), 'tls': True, 'sni': 'google.com', 'alpn_offers': [], 'timestamp_tls_setup': 1676916633.5123706, 'alpn': b'', 'certificate_list': [<Cert(cn='*.google.com', altnames=['*.google.com', '*.appengine.google.com', '*.bdn.dev', '*.origin-test.bdn.dev', '*.cloud.google.com', '*.crowdsource.google.com', '*.datacompute.google.com', '*.google.ca', '*.google.cl', '*.google.co.in', '*.google.co.jp', '*.google.co.uk', '*.google.com.ar', '*.google.com.au', '*.google.com.br', '*.google.com.co', '*.google.com.mx', '*.google.com.tr', '*.google.com.vn', '*.google.de', '*.google.es', '*.google.fr', '*.google.hu', '*.google.it', '*.google.nl', '*.google.pl', '*.google.pt', '*.googleadapis.com', '*.googleapis.cn', '*.googlevideo.com', '*.gstatic.cn', '*.gstatic-cn.com', 'googlecnapps.cn', '*.googlecnapps.cn', 'googleapps-cn.com', '*.googleapps-cn.com', 'gkecnapps.cn', '*.gkecnapps.cn', 'googledownloads.cn', '*.googledownloads.cn', 'recaptcha.net.cn', '*.recaptcha.net.cn', 'recaptcha-cn.net', '*.recaptcha-cn.net', 'widevine.cn', '*.widevine.cn', 'ampproject.org.cn', '*.ampproject.org.cn', 'ampproject.net.cn', '*.ampproject.net.cn', 'google-analytics-cn.com', '*.google-analytics-cn.com', 'googleadservices-cn.com', '*.googleadservices-cn.com', 'googlevads-cn.com', '*.googlevads-cn.com', 'googleapis-cn.com', '*.googleapis-cn.com', 'googleoptimize-cn.com', '*.googleoptimize-cn.com', 'doubleclick-cn.net', '*.doubleclick-cn.net', '*.fls.doubleclick-cn.net', '*.g.doubleclick-cn.net', 'doubleclick.cn', '*.doubleclick.cn', '*.fls.doubleclick.cn', '*.g.doubleclick.cn', 'dartsearch-cn.net', '*.dartsearch-cn.net', 'googletraveladservices-cn.com', '*.googletraveladservices-cn.com', 'googletagservices-cn.com', '*.googletagservices-cn.com', 'googletagmanager-cn.com', '*.googletagmanager-cn.com', 'googlesyndication-cn.com', '*.googlesyndication-cn.com', '*.safeframe.googlesyndication-cn.com', 'app-measurement-cn.com', '*.app-measurement-cn.com', 'gvt1-cn.com', '*.gvt1-cn.com', 'gvt2-cn.com', '*.gvt2-cn.com', '2mdn-cn.net', '*.2mdn-cn.net', 'googleflights-cn.net', '*.googleflights-cn.net', 'admob-cn.com', '*.admob-cn.com', 'googlesandbox-cn.com', '*.googlesandbox-cn.com', '*.safenup.googlesandbox-cn.com', '*.gstatic.com', '*.metric.gstatic.com', '*.gvt1.com', '*.gcpcdn.gvt1.com', '*.gvt2.com', '*.gcp.gvt2.com', '*.url.google.com', '*.youtube-nocookie.com', '*.ytimg.com', 'android.com', '*.android.com', '*.flash.android.com', 'g.cn', '*.g.cn', 'g.co', '*.g.co', 'goo.gl', 'www.goo.gl', 'google-analytics.com', '*.google-analytics.com', 'google.com', 'googlecommerce.com', '*.googlecommerce.com', 'ggpht.cn', '*.ggpht.cn', 'urchin.com', '*.urchin.com', 'youtu.be', 'youtube.com', '*.youtube.com', 'youtubeeducation.com', '*.youtubeeducation.com', 'youtubekids.com', '*.youtubekids.com', 'yt.be', '*.yt.be', 'android.clients.google.com', 'developer.android.google.cn', 'developers.android.google.cn', 'source.android.google.cn'])>, <Cert(cn='GTS CA 1C3', altnames=[])>, <Cert(cn='GTS Root R1', altnames=[])>], 'cipher': 'TLS_AES_256_GCM_SHA384', 'tls_version': 'TLSv1.3'})) as handshake failed.
[18:10:33.548][127.0.0.1:54978] server disconnect google.com:443 (172.217.27.14:443)
[18:10:33.548][127.0.0.1:54978] transports closed!

About this issue

  • Original URL
  • State: closed
  • Created a year ago
  • Comments: 15 (1 by maintainers)

Most upvoted comments

Thank you for the excellent issue description. My initial hypothesis here was that the OpenSSL version that comes with your mitmproxy installation does not support ECDHE-ECDSA-AES128-GCM-SHA256. This would be consistent with your description:

  1. If you do not force TLS 1.2, it will use TLS 1.3, which currently bypasses cipher settings. This currently is a bug caused by OpenSSL’s ridiculous API for this (see https://github.com/mitmproxy/mitmproxy/issues/4260).
  2. If you do not force a specific cipher, a supported cipher will be used.

Your version output shows you’re using our precompiled binaries. These are built with the official pyOpenSSL/cryptography wheels. Let’s take a look:

>>> from OpenSSL import SSL
>>> ctx = SSL.Context(SSL.TLS_CLIENT_METHOD)
>>> conn = SSL.Connection(ctx)
>>> 'ECDHE-ECDSA-AES128-GCM-SHA256' in conn.get_cipher_list()
True

So that cipher is supported by our OpenSSL version, which means my initial hypothesis is wrong. However, this led me to search around a bit, and I stumbled upon this StackOverflow post. It seems like the problem here is that ECDHE-ECDSA does not work with the default certificates generated by mitmproxy. Using ECDHE-RSA-AES128-GCM-SHA256 instead works as expected. This is all I have so far, hope it helps!

+1
mhils on Feb 21, 2023
Read more comments on GitHub
← mitmproxy: Memory Leak in WireGuard Mode
mitmproxy: poor interactive performance / hanging requests →