aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--doc-src/howmitmproxy.html9
-rw-r--r--libmproxy/contrib/README2
2 files changed, 1 insertions, 10 deletions
diff --git a/doc-src/howmitmproxy.html b/doc-src/howmitmproxy.html
index fabd393a..16b5f722 100644
--- a/doc-src/howmitmproxy.html
+++ b/doc-src/howmitmproxy.html
@@ -145,15 +145,6 @@ passed to us. Now we can pause the conversation, and initiate an upstream
connection using the correct SNI value, which then serves us the correct
upstream certificate, from which we can extract the expected CN and SANs.
-There's another wrinkle here. Due to a limitation of the SSL library mitmproxy
-uses, we can't detect that a connection _hasn't_ sent an SNI request until it's
-too late for upstream certificate sniffing. In practice, we therefore make a
-vanilla SSL connection upstream to sniff non-SNI certificates, and then discard
-the connection if the client sends an SNI notification. If you're watching your
-traffic with a packet sniffer, you'll see two connections to the server when an
-SNI request is made, the first of which is immediately closed after the SSL
-handshake. Luckily, this is almost never an issue in practice.
-
## Putting it all together
Lets put all of this together into the complete explicitly proxied HTTPS flow.
diff --git a/libmproxy/contrib/README b/libmproxy/contrib/README
index e339310a..e5ce11da 100644
--- a/libmproxy/contrib/README
+++ b/libmproxy/contrib/README
@@ -10,5 +10,5 @@ wbxml
- https://github.com/davidpshaw/PyWBXMLDecoder
tls, BSD license
- - https://github.com/mhils/tls/tree/extension-parsing
+ - https://github.com/mhils/tls/tree/mitmproxy
- limited to required files. \ No newline at end of file
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-25 12:45:16 +0000