TLS problem. SSL Handshake error SysCallError(-1, 'Unexpected EOF')


#1

I’m using mitmdump and I am getting this error
CONNECT xxxxxxxxh.execute-api.us-east-2.amazonaws.com:443
<< Cannot establish TLS with client (sni: xxxxxxxh.execute-api.us-east-2.amazonaws.com): TlsException(“SSL handshake error: SysCallError(-1, ‘Unexpected EOF’)”,)

Many other https sites have the same error BUT when I use wget specifying the proxy for the same request I have no problems and get the expected output.

So my theory is that the client software (that I have no control of) is not using a secure tls version and mitm is just reflecting the version requested to the upstream server who rejects it. (no proof but might be able to find a way to get some).

Is there a way to force it to use a tls version on the server connection and or how can I prove my theory. (its in a docker container and just occurred to me, maybe I can pcap both ends of the communication from the host but even then not sure if the detail I need will be in the un-encrypted portions of the negotiation)


#2

I did a bit more testing and found that forcing the tls versions doesn’t matter. in the end it’s something in the connection. possible that the client requires a specific certificate.