I have a proxy app written in Golang. For now the proxy requires no authentication. I can deploy it with or without TLS certificates.
At first I deployed it with TLS certs. I tried connecting with the FoxyProxy add-on in Firefox and it worked fine. I then tried it with curl like
curl --proxy https://myproxy.com:port -v icanhazip.com
and it returns the correct IP, and since the output is verbose I can see that the handshake was successful. The cipher suite is ECDHE-RSA-AES256-GCM-SHA384.
Everything works perfectly fine with FoxyProxy too.
Now when I try to use this proxy system-wide in Ubuntu, I'm getting errors. I set the proxy in the HTTPS Proxy field of the Network section of the Ubuntu settings.
Now when I try to visit a website like https://www.google.com I'm getting the error ERR_RESPONSE_HEADERS_TRUNCATED from Chrome. It seems that handshakes are failing. When I check the server logs I see two types of error:
http: TLS handshake error from myip:56126: tls: oversized record received with length 20037
or
http: TLS handshake error from myip:55262: EOF
I did some digging around and found out that those errors happen when the client is not speaking TLS. I don't know what the issue is.
I deploy my server like:
    // addr and handler are the proxy's listen address and handler, defined elsewhere
    server := &http.Server{
        Addr:    addr,
        Handler: handler,
    }
    err := server.ListenAndServeTLS("path/to/cert", "path/to/key")
    log.Fatal(err)
I don't know if it helps, but I'm getting my certs from Let's Encrypt with Certbot.
Now when I deploy my code without TLS certs, everything works fine, but I know this has security flaws and should only be used for debugging.
Any help is appreciated. I asked this question on Stack Overflow but they marked my question as off-topic. I hope this is the right place.
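The "oversized record received with length 20037" line is the TLS stack reading a plaintext request as if it were a TLS record header: for "CONNECT …" the bytes 'N','E' at offsets 3 and 4 are 0x4E45 = 20037. The listener wrapper below, an added example and not code from the question, peeks at the first five bytes of each accepted connection and logs what the client actually sent instead of leaving a bare handshake error; it assumes a plain net.Listener and is passed to the server's ServeTLS method.

```go
package main

import (
	"bufio"
	"encoding/binary"
	"log"
	"net"
)

// recordKind reports whether hdr looks like a TLS record (content type 0x16 =
// handshake, major version 3) and the length Go's TLS code would read from
// bytes 3..4. For the constructed input "CONNECT ..." that length is 20037.
func recordKind(hdr []byte) (isTLS bool, length uint16) {
	if len(hdr) < 5 {
		return false, 0
	}
	length = binary.BigEndian.Uint16(hdr[3:5])
	isTLS = hdr[0] == 0x16 && hdr[1] == 0x03
	return isTLS, length
}

// peekConn replays the bytes buffered while sniffing, so the TLS server
// still sees the complete ClientHello.
type peekConn struct {
	net.Conn
	r *bufio.Reader
}

func (c *peekConn) Read(p []byte) (int, error) { return c.r.Read(p) }

// sniffListener rejects clients that do not start with a TLS record and logs
// the plaintext they sent (for example a CONNECT from a browser that was
// configured with a plain HTTP proxy address instead of an HTTPS one).
type sniffListener struct{ net.Listener }

func (l *sniffListener) Accept() (net.Conn, error) {
	for {
		conn, err := l.Listener.Accept()
		if err != nil {
			return nil, err
		}
		r := bufio.NewReader(conn)
		hdr, _ := r.Peek(5) // short read is handled by recordKind
		if tls, n := recordKind(hdr); !tls {
			log.Printf("non-TLS client %s (would be read as record length %d): %q", conn.RemoteAddr(), n, hdr)
			conn.Close()
			continue
		}
		return &peekConn{Conn: conn, r: r}, nil
	}
}
```

Use it with `ln, _ := net.Listen("tcp", addr)` followed by `server.ServeTLS(&sniffListener{ln}, "path/to/cert", "path/to/key")` in place of ListenAndServeTLS.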