author | Maximilian Hils <git@maximilianhils.com> | 2016-05-01 18:59:37 -0700 |
---|---|---|
committer | Maximilian Hils <git@maximilianhils.com> | 2016-05-02 18:18:20 -0700 |
commit | 7f894c131b3f2256573ddce00e8e581e73e7e279 (patch) | |
tree | 7effd5e1d3b96c4dc10afe026915f18be19c4996 | |
parent | 714ba1611125601e4eb21a2ceb5fa7f742d008b9 (diff) | |
speed up TLS handshake if SNI is present
-rw-r--r-- | mitmproxy/protocol/tls.py | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/mitmproxy/protocol/tls.py b/mitmproxy/protocol/tls.py
index 26c3f9d2..229f0db1 100644
--- a/mitmproxy/protocol/tls.py
+++ b/mitmproxy/protocol/tls.py
@@ -341,14 +341,16 @@ class TlsLayer(Layer):
 https://www.openssl.org/docs/ssl/SSL_CTX_set_cert_cb.html
 - The original mitmproxy issue is https://github.com/mitmproxy/mitmproxy/issues/427
 """
+ if self._client_tls:
+ self._parse_client_hello()
+ # First, this requires that we have TLS on both the client and the server connection.
+ # Second, this must be disabled if the user specified --no-upstream-cert
+ # Third, if the client sends a SNI value, we can be reasonably sure that this is the actual target host.
 client_tls_requires_server_cert = (
- self._client_tls and self._server_tls and not self.config.no_upstream_cert
+ self._client_tls and self._server_tls and not self.config.no_upstream_cert and not self.client_sni
 )
- if self._client_tls:
- self._parse_client_hello()
-
 if client_tls_requires_server_cert:
 self._establish_tls_with_client_and_server()
 elif self._client_tls:
|
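Review bot: The added `and not self.client_sni` term lets an unauthenticated, client-supplied SNI decide that the upstream certificate need not be seen before the client handshake, and the third comment does not record what that trades away. With SNI present, the client-facing certificate is presumably built from the SNI alone, so names that only appear in the upstream certificate, and any upstream handshake failure, are not known when the client handshake completes. The docstring above says the ClientHello is also parsed for ALPN; if protocol selection depends on the server's answer, a client that sends both SNI and ALPN now takes the client-first path too, which is worth confirming. I would extend the comment to say so, e.g. `# Third, ... NOTE: SNI is client-controlled and unverified; on this path the upstream cert is not inspected before we answer the client.` The enclosing method starts and ends outside this hunk, so the later server connect and verification step could not be checked from here.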