authorMaximilian Hils <git@maximilianhils.com>2015-03-02 14:25:14 +0100
committerMaximilian Hils <git@maximilianhils.com>2015-03-02 14:25:14 +0100
commit7cf1ec7435d6893555152136fcd346eb9bec5fbc (patch)
tree307ded3901791896caa4bb48cc249819c37f8da8
parentdff70150f5197173c5534cd947d2824c166c4527 (diff)
parent5e07fe08ea80a860a215fe65b8430698261c7cb7 (diff)
Merge pull request #493 from elitest/master
Adding support for server facing SSL cipher suite specification
-rw-r--r--libmproxy/proxy/config.py22
-rw-r--r--libmproxy/proxy/server.py7
2 files changed, 19 insertions, 10 deletions
diff --git a/libmproxy/proxy/config.py b/libmproxy/proxy/config.py
index 84893323..a4765852 100644
--- a/libmproxy/proxy/config.py
+++ b/libmproxy/proxy/config.py
@@ -45,7 +45,8 @@ class ProxyConfig:
authenticator=None,
ignore_hosts=[],
tcp_hosts=[],
- ciphers=None,
+ client_ciphers=None,
+ server_ciphers=None,
certs=[],
certforward=False,
ssl_version_client="secure",
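Review bot: Replacing the `ciphers` keyword with `client_ciphers` in `ProxyConfig.__init__` is an interface break: a caller still passing `ciphers=` will be rejected unless the signature, which continues outside this hunk, accepts extra keywords, and `self.ciphers` disappears in the next hunk. If external scripts construct ProxyConfig directly, consider keeping `ciphers=None` as a deprecated alias for one release, e.g. `client_ciphers = client_ciphers or ciphers`. The two new parameters also deserve a short comment saying which leg each applies to, such as `# client_ciphers: offered to connecting clients; server_ciphers: offered to upstream servers`.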
@@ -55,7 +56,8 @@ class ProxyConfig:
self.host = host
self.port = port
self.server_version = server_version
- self.ciphers = ciphers
+ self.client_ciphers = client_ciphers
+ self.server_ciphers = server_ciphers
self.clientcerts = clientcerts
self.no_upstream_cert = no_upstream_cert
self.body_size_limit = body_size_limit
@@ -188,7 +190,8 @@ def process_proxy_options(parser, options):
ignore_hosts=options.ignore_hosts,
tcp_hosts=options.tcp_hosts,
authenticator=authenticator,
- ciphers=options.ciphers,
+ client_ciphers=options.client_ciphers,
+ server_ciphers=options.server_ciphers,
certs=certs,
certforward=options.certforward,
ssl_version_client=options.ssl_version_client,
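Review bot: `options.client_ciphers` and `options.server_ciphers` are handed to ProxyConfig unchecked, so a malformed cipher string is presumably only detected when the first TLS handshake is attempted rather than at startup. process_proxy_options already receives `parser`, so rejecting an unusable value there with `parser.error(...)` would fail early and visibly. The help strings added in ssl_option_group also do not state the expected format or what the default `None` means; if the value is passed through to OpenSSL as it appears, something like `help="Server facing cipher list (OpenSSL cipher string). Default: library defaults."` would be clearer. It is also worth documenting that a permissive `--server-ciphers` value weakens the upstream leg independently of what the client negotiated with the proxy. The function body starts and ends outside this hunk.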
@@ -215,9 +218,14 @@ def ssl_option_group(parser):
help="Client certificate directory."
)
group.add_argument(
- "--ciphers", action="store",
- type=str, dest="ciphers", default=None,
- help="SSL cipher specification."
+ "--client-ciphers", action="store",
+ type=str, dest="client_ciphers", default=None,
+ help="Client facing SSL cipher specification."
+ )
+ group.add_argument(
+ "--server-ciphers", action="store",
+ type=str, dest="server_ciphers", default=None,
+ help="Server facing SSL cipher specification."
)
group.add_argument(
"--cert-forward", action="store_true",
@@ -248,4 +256,4 @@ def ssl_option_group(parser):
metavar="PORT",
help="Can be passed multiple times. Specify destination ports which are assumed to be SSL. "
"Defaults to %s." % str(TRANSPARENT_SSL_PORTS)
- ) \ No newline at end of file
+ )
diff --git a/libmproxy/proxy/server.py b/libmproxy/proxy/server.py
index 8544ff72..cb6d3c70 100644
--- a/libmproxy/proxy/server.py
+++ b/libmproxy/proxy/server.py
@@ -188,7 +188,8 @@ class ConnectionHandler:
self.config.clientcerts,
sni,
method=self.config.openssl_server_method,
- options=self.config.openssl_server_options
+ options=self.config.openssl_server_options,
+ cipher_list=self.config.server_ciphers,
)
except tcp.NetLibError as v:
e = ProxyError(502, repr(v))
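Review bot: The new `cipher_list=self.config.server_ciphers` argument relies on the upstream `establish_ssl` call, whose start is outside this hunk, accepting a `cipher_list` keyword, which this diff does not show. If that support comes from a newer netlib, the minimum version requirement should be raised in the same change. Only `tcp.NetLibError` is caught here, so it is worth confirming that an unusable cipher list surfaces as that exception and becomes the 502 rather than an uncaught error in the handler. The diffstat lists no test changes; a test asserting that `server_ciphers` reaches the server connection and `client_ciphers` the client connection would guard against the two settings being swapped.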
@@ -210,7 +211,7 @@ class ConnectionHandler:
method=self.config.openssl_client_method,
options=self.config.openssl_client_options,
handle_sni=self.handle_sni,
- cipher_list=self.config.ciphers,
+ cipher_list=self.config.client_ciphers,
dhparams=self.config.certstore.dhparams,
chain_file=chain_file
)
@@ -298,7 +299,7 @@ class ConnectionHandler:
cert, key,
method=self.config.openssl_client_method,
options=self.config.openssl_client_options,
- cipher_list=self.config.ciphers,
+ cipher_list=self.config.client_ciphers,
dhparams=self.config.certstore.dhparams,
chain_file=chain_file
)