mirror of
https://github.com/zhigang1992/mitmproxy.git
Merge pull request #493 from elitest/master
Adding support for server facing SSL cipher suite specification
@@ -45,7 +45,8 @@ class ProxyConfig:
|
|||||||
authenticator=None,
|
authenticator=None,
|
||||||
ignore_hosts=[],
|
ignore_hosts=[],
|
||||||
tcp_hosts=[],
|
tcp_hosts=[],
|
||||||
ciphers=None,
|
client_ciphers=None,
|
||||||
|
server_ciphers=None,
|
||||||
certs=[],
|
certs=[],
|
||||||
certforward=False,
|
certforward=False,
|
||||||
ssl_version_client="secure",
|
ssl_version_client="secure",
|
||||||
@@ -55,7 +56,8 @@ class ProxyConfig:
|
|||||||
self.host = host
|
self.host = host
|
||||||
self.port = port
|
self.port = port
|
||||||
self.server_version = server_version
|
self.server_version = server_version
|
||||||
self.ciphers = ciphers
|
self.client_ciphers = client_ciphers
|
||||||
|
self.server_ciphers = server_ciphers
|
||||||
self.clientcerts = clientcerts
|
self.clientcerts = clientcerts
|
||||||
self.no_upstream_cert = no_upstream_cert
|
self.no_upstream_cert = no_upstream_cert
|
||||||
self.body_size_limit = body_size_limit
|
self.body_size_limit = body_size_limit
|
||||||
@@ -188,7 +190,8 @@ def process_proxy_options(parser, options):
|
|||||||
ignore_hosts=options.ignore_hosts,
|
ignore_hosts=options.ignore_hosts,
|
||||||
tcp_hosts=options.tcp_hosts,
|
tcp_hosts=options.tcp_hosts,
|
||||||
authenticator=authenticator,
|
authenticator=authenticator,
|
||||||
ciphers=options.ciphers,
|
client_ciphers=options.client_ciphers,
|
||||||
|
server_ciphers=options.server_ciphers,
|
||||||
certs=certs,
|
certs=certs,
|
||||||
certforward=options.certforward,
|
certforward=options.certforward,
|
||||||
ssl_version_client=options.ssl_version_client,
|
ssl_version_client=options.ssl_version_client,
|
||||||
@@ -215,9 +218,14 @@ def ssl_option_group(parser):
|
|||||||
help="Client certificate directory."
|
help="Client certificate directory."
|
||||||
)
|
)
|
||||||
group.add_argument(
|
group.add_argument(
|
||||||
"--ciphers", action="store",
|
"--client-ciphers", action="store",
|
||||||
type=str, dest="ciphers", default=None,
|
type=str, dest="client_ciphers", default=None,
|
||||||
help="SSL cipher specification."
|
help="Client facing SSL cipher specification."
|
||||||
|
)
|
||||||
|
group.add_argument(
|
||||||
|
"--server-ciphers", action="store",
|
||||||
|
type=str, dest="server_ciphers", default=None,
|
||||||
|
help="Server facing SSL cipher specification."
|
||||||
)
|
)
|
||||||
group.add_argument(
|
group.add_argument(
|
||||||
"--cert-forward", action="store_true",
|
"--cert-forward", action="store_true",
|
||||||
@@ -248,4 +256,4 @@ def ssl_option_group(parser):
|
|||||||
metavar="PORT",
|
metavar="PORT",
|
||||||
help="Can be passed multiple times. Specify destination ports which are assumed to be SSL. "
|
help="Can be passed multiple times. Specify destination ports which are assumed to be SSL. "
|
||||||
"Defaults to %s." % str(TRANSPARENT_SSL_PORTS)
|
"Defaults to %s." % str(TRANSPARENT_SSL_PORTS)
|
||||||
)
|
)
|
||||||
|
|||||||
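Review bot: The `--ciphers` option and the `ciphers` keyword of `ProxyConfig.__init__` are renamed with no alias, so existing command lines and any caller passing `ciphers=` will fail after this change. Listing both option strings on the client-side argument, `"--client-ciphers", "--ciphers", action="store",`, would keep old invocations working. The new help strings also do not name the expected format; `help="Server facing SSL cipher specification (OpenSSL cipher list string)."` would tell operators what to pass and make it less likely that weak suites are enabled upstream by accident. Both values are stored as given in `process_proxy_options`, so a typo is presumably detected only when a connection is attempted. These functions start and end outside the hunks shown.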
@@ -188,7 +188,8 @@ class ConnectionHandler:
|
|||||||
self.config.clientcerts,
|
self.config.clientcerts,
|
||||||
sni,
|
sni,
|
||||||
method=self.config.openssl_server_method,
|
method=self.config.openssl_server_method,
|
||||||
options=self.config.openssl_server_options
|
options=self.config.openssl_server_options,
|
||||||
|
cipher_list=self.config.server_ciphers,
|
||||||
)
|
)
|
||||||
except tcp.NetLibError as v:
|
except tcp.NetLibError as v:
|
||||||
e = ProxyError(502, repr(v))
|
e = ProxyError(502, repr(v))
|
||||||
@@ -210,7 +211,7 @@ class ConnectionHandler:
|
|||||||
method=self.config.openssl_client_method,
|
method=self.config.openssl_client_method,
|
||||||
options=self.config.openssl_client_options,
|
options=self.config.openssl_client_options,
|
||||||
handle_sni=self.handle_sni,
|
handle_sni=self.handle_sni,
|
||||||
cipher_list=self.config.ciphers,
|
cipher_list=self.config.client_ciphers,
|
||||||
dhparams=self.config.certstore.dhparams,
|
dhparams=self.config.certstore.dhparams,
|
||||||
chain_file=chain_file
|
chain_file=chain_file
|
||||||
)
|
)
|
||||||
@@ -298,7 +299,7 @@ class ConnectionHandler:
|
|||||||
cert, key,
|
cert, key,
|
||||||
method=self.config.openssl_client_method,
|
method=self.config.openssl_client_method,
|
||||||
options=self.config.openssl_client_options,
|
options=self.config.openssl_client_options,
|
||||||
cipher_list=self.config.ciphers,
|
cipher_list=self.config.client_ciphers,
|
||||||
dhparams=self.config.certstore.dhparams,
|
dhparams=self.config.certstore.dhparams,
|
||||||
chain_file=chain_file
|
chain_file=chain_file
|
||||||
)
|
)
|
||||||
|
|||||||
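Review bot: In the first hunk, `cipher_list=self.config.server_ciphers` reaches the upstream TLS setup without any earlier validation, so a malformed or unsatisfiable cipher string would surface only here, once per connection. Judging by the visible `except tcp.NetLibError as v` branch, it would then become `ProxyError(502, repr(v))`, which may put library error text in front of clients. Checking the string once at startup and rejecting it with `parser.error(...)` would fail fast instead. The call presumably also needs a netlib release whose server-side SSL setup accepts `cipher_list`; no dependency pin is visible on this page. The enclosing method starts and ends outside the hunk.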