okhttp
okhttp copied to clipboard
square
Unable to parse TLS packet header exception when using specific socks5 proxys
Using Mullvads socks5 proxy fails with javax.net.ssl.SSLException: Unable to parse TLS packet header when connecting to specific URLs.
Steps to reproduce:
- use the following client while connected to one of Mullvad vpns wireguard servers:
val client: OkHttpClient = run {
val builder = OkHttpClient.Builder()
builder.proxy(
Proxy(
Proxy.Type.SOCKS, InetSocketAddress(
InetAddress.getByName("10.64.0.1"),
1080,
)
)
)
builder.build()
- try to connect to:
"https://api64.ipify.org?format=json"
It will fail with the stacktrace down below.
Other
- This does not happen with every socks5 proxy, it works fine when using https://github.com/serjs/socks5-server for example.
- It also does not happen with every URL, requests to
"https://ipinfo.io/ip"or"https://www.github.com"for example work with mullvads proxy, while requests toipify.orgorwikipedia.orgdo not.
Stacktrace:
javax.net.ssl.SSLException: Unable to parse TLS packet header
org.conscrypt.ConscryptEngine.unwrap(ConscryptEngine.java:811)
org.conscrypt.ConscryptEngine.unwrap(ConscryptEngine.java:751)
org.conscrypt.ConscryptEngine.unwrap(ConscryptEngine.java:716)
org.conscrypt.ConscryptEngineSocket$SSLInputStream.processDataFromSocket(ConscryptEngineSocket.java:833)
org.conscrypt.ConscryptEngineSocket$SSLInputStream.access$100(ConscryptEngineSocket.java:706)
org.conscrypt.ConscryptEngineSocket.doHandshake(ConscryptEngineSocket.java:230)
org.conscrypt.ConscryptEngineSocket.startHandshake(ConscryptEngineSocket.java:209)
okhttp3.internal.connection.RealConnection.connectTls(RealConnection.kt:379)
okhttp3.internal.connection.RealConnection.establishProtocol(RealConnection.kt:337)
okhttp3.internal.connection.RealConnection.connect(RealConnection.kt:209)
okhttp3.internal.connection.ExchangeFinder.findConnection(ExchangeFinder.kt:226)
okhttp3.internal.connection.ExchangeFinder.findHealthyConnection(ExchangeFinder.kt:106)
okhttp3.internal.connection.ExchangeFinder.find(ExchangeFinder.kt:74)
okhttp3.internal.connection.RealCall.initExchange$okhttp(RealCall.kt:255)
okhttp3.internal.connection.ConnectInterceptor.intercept(ConnectInterceptor.kt:32)
okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109)
okhttp3.internal.cache.CacheInterceptor.intercept(CacheInterceptor.kt:95)
okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109)
okhttp3.internal.http.BridgeInterceptor.intercept(BridgeInterceptor.kt:83)
okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109)
okhttp3.internal.http.RetryAndFollowUpInterceptor.intercept(RetryAndFollowUpInterceptor.kt:76)
okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109)
okhttp3.internal.connection.RealCall.getResponseWithInterceptorChain$okhttp(RealCall.kt:201)
okhttp3.internal.connection.RealCall$AsyncCall.run(RealCall.kt:517)
Tested on version: 4.12.0 and 5.0.0-alpha.12
I tried contacting Mullvad support and this is what they said:
One thing that's worth mentioning is that when using the socks5 proxies it will default to prefer ipv6 over ipv4, and that can sometimes cause strange behavior depending on what your client supports or expects.
All the sites I tested that were reachable do indeed seem to not support IPv6, so the problem may be related to this.