sslsplit
sslsplit copied to clipboard
debug mode works well, daemon mode gives ssl warning immediately
basic info:
sslsplit -V
SSLsplit 0.5.5 (built 2020-11-17)
Copyright (c) 2009-2019, Daniel Roethlisberger <[email protected]>
https://www.roe.ch/SSLsplit
Build info: V:FILE HDIFF:0 N:83c4edf
Features: -DHAVE_NETFILTER -DWITHOUT_MIRROR
NAT engines: netfilter* tproxy
netfilter: IP_TRANSPARENT IP6T_SO_ORIGINAL_DST
Local process info support: no
compiled against OpenSSL 1.1.1h 22 Sep 2020 (1010108f)
rtlinked against OpenSSL 1.1.1h 22 Sep 2020 (1010108f)
OpenSSL has support for TLS extensions
TLS Server Name Indication (SNI) supported
OpenSSL is thread-safe with THREADID
OpenSSL has engine support
Using SSL_MODE_RELEASE_BUFFERS
SSL/TLS protocol availability: tls10 tls11 tls12
SSL/TLS algorithm availability: !SHA0 RSA DSA ECDSA DH ECDH EC
OpenSSL option availability: SSL_OP_NO_COMPRESSION SSL_OP_NO_TICKET SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION SSL_OP_TLS_ROLLBACK_BUG
compiled against libevent 2.1.11-stable
rtlinked against libevent 2.1.11-stable
1 CPU cores detected
uname
Linux kernel 5.4.75 mips GNU/Linux
openssl version: 1.1.11h
libevent version: 2.1.11
Debug mode works as expected on the router, daemon mode always gave ssl-certificate warnings.
Afaik, there shouldn't be any such difference between debug and daemon modes. Can you enable the DEBUG_PROXY switch in GNUmakefile, recompile, try and see if it provides further info?