Daniel Roethlisberger
Daniel Roethlisberger
SSLsplit is transparent in that it doesn't operate as a proxy configured in the client (browser) but instead intercepts regular connections from the network. Does using an `ssl` proxyspec instead...
Also, can you be more specific on the «problems for some misbehaving web servers» that you mention?
No concerns except for the not human readable raw logs produced by sslsplit; postprocessing can fix that. To answer your question: the raison d'etre of the HTTP mode was originally...
I was thinking that the lua code should be able to register what it wants to see (requests vs responses, size limit, headers vs body). This is the easy bit....
TCP reassembly is handled by the kernel.
I'm not sure what exactly you want to achieve, since the back-end server is - by definition - expecting HTTPS. Maybe HAProxy can do what you want, terminating SSL? If...
Ah okay. Yes, that is not a trivial change. It would require a separation of the retrieval of the certificate from the actual backend request, which is currently handled in...
The proper solution depends on an improved protocol parsing core, see #40.
FreeBSD support implemented in 125163a.
Depends on either CDP parser and cache (request based), or a rewrite of the HTTP handling code (response based).