Soner Tari
Soner Tari
I guess you are trying to redirect the HTTP traffic to sslsplit using an HTTPS_PROXY configuration on the curl command line. That's not how you should redirect to sslsplit. The...
When I look at the error message and the wireshark screenshot, I see that sslsplit is searching clienthello in the CONNECT packet sent by curl. Sslsplit is trying to SSL...
Perhaps you can try autossl instead of https proxyspec, autossl may be able to skip the connect packet and keep searching for clienthello to upgrade the connection to ssl. But...
Note first that your compiled and rtlinked OpenSSL versions do not match. You should have the same version for both. I think the error says that the client and sslsplit...
OpenSSL 1.1.0+ versions have removed weak (e.g. export grade) ciphers. See [this link](https://www.openssl.org/docs/man1.1.1/man1/ciphers.html) and search for the word `removed`. I think the ciphers on OpenSSL 1.1.1h/j are stronger than the...
Perhaps you can rebuild OpenSSL 1.1.1 with the enable-weak-ssl-ciphers option.
The openssl alert must be something like "bad certificate", "unknown CA", or "certificate unknown", if the client complains about the CA cert used for forging by sslsplit. See [the OpenSSL...
Yes, I should check possible memory allocation issues in such cases too. But I think @droe may have a more important objection to this code being merged to sslsplit. I...
Hi @trifle, when you say you want to whitelist at TLD level I guess for example you mean a suffix like `.tr`, so that all tr domains will be passed...
Thanks @trifle for your comments. No, you are right, my code cannot handle wildcard asterisk. But I was trying to say I have seen very long Common Names in Google...