diff options
author | Maximilian Hils <git@maximilianhils.com> | 2020-04-08 08:04:44 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-04-08 08:04:44 +0200 |
commit | ab79bb0313d3bf7c5c1a5853baae176e87c59050 (patch) | |
tree | 28039ecdf76368b07f6635aca1e7e17f9c83975a | |
parent | fbe296aaba774b01348a55a6c9e10097bfd61b60 (diff) | |
download | mitmproxy-ab79bb0313d3bf7c5c1a5853baae176e87c59050.tar.gz mitmproxy-ab79bb0313d3bf7c5c1a5853baae176e87c59050.tar.bz2 mitmproxy-ab79bb0313d3bf7c5c1a5853baae176e87c59050.zip |
reduce leaf certificate lifetime to one year
Safari will, later this year, no longer accept new HTTPS certificates that expire more than 13 months from their creation date.
-rw-r--r-- | mitmproxy/certs.py | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/mitmproxy/certs.py b/mitmproxy/certs.py index d574c027..a37d29bc 100644 --- a/mitmproxy/certs.py +++ b/mitmproxy/certs.py @@ -15,8 +15,8 @@ import OpenSSL from mitmproxy.coretypes import serializable # Default expiry must not be too long: https://github.com/mitmproxy/mitmproxy/issues/815 -DEFAULT_EXP = 94608000 # = 24 * 60 * 60 * 365 * 3 -DEFAULT_EXP_DUMMY_CERT = 63072000 # = 2 years +DEFAULT_EXP = 94608000 # = 60 * 60 * 24 * 365 * 3 = 3 years +DEFAULT_EXP_DUMMY_CERT = 31536000 # = 60 * 60 * 24 * 365 = 1 year # Generated with "openssl dhparam". It's too slow to generate this on startup. DEFAULT_DHPARAM = b""" |