Daniel Roethlisberger

73 comments by Daniel Roethlisberger

Build against OpenSSL 1.1.1 now works and unit tests pass, but there has not been much testing. In particular, TLS 1.3 has not been tested yet.

`develop` gained a Dockerfile that could serve as a base for test containers.

Thanks for the contribution. Have you tested this patch under conditions where browser and server actually do select h2 or spdy and you use a `https` proxyspec? I expect changes...

Would you be willing to also update the manual page with information on how the different modes behave with this patch regarding ALPN relaying and support for funky protocols? Is...

Neither seems to be adequate. I am thinking more along the lines of MEDIUM:HIGH. I aim for a decent rating without major issues on https://www.ssllabs.com/ssltest/viewMyClient.html in the default configuration. That...

Now there's an interesting thought. The answer is yes, if we extend the ClientHello parser that currently parses the SNI hostname to also extract the requested cipher suites. We'd then...

I moved the idea of copying the client's cipher suites into the server connection to a separate issue in order to keep this issue scoped on modernizing the defaults.

Related: #189 - sslsplit now uses SHA-256 as a fallback hash algorithm if the upstream server certificate uses a different key type than the configured sslsplit CA. If they match,...

Yes, your analysis is right, the LUA branch was a contributed PoC that is too basic to be generally useful. It lacks all the needed infrastructure changes: more complete and...