diff options
Diffstat (limited to 'doc-src/features/upstreamcerts.html')
| -rw-r--r-- | doc-src/features/upstreamcerts.html | 24 |
1 files changed, 0 insertions, 24 deletions
diff --git a/doc-src/features/upstreamcerts.html b/doc-src/features/upstreamcerts.html deleted file mode 100644 index a86ed67d..00000000 --- a/doc-src/features/upstreamcerts.html +++ /dev/null @@ -1,24 +0,0 @@ -When mitmproxy receives a connection destined for an SSL-protected service, it -freezes the connection before reading its request data, and makes a connection -to the upstream server to "sniff" the contents of its SSL certificate. The -information gained - the __Common Name__ and __Subject Alternative Names__ - is -then used to generate the interception certificate, which is sent to the client -so the connection can continue. - -This rather intricate little dance lets us seamlessly generate correct -certificates even if the client has specifed only an IP address rather than the -hostname. It also means that we don't need to sniff additional data to generate -certs in transparent mode. - -Upstream cert sniffing is on by default, and can optionally be turned off. - -<table class="table"> - <tbody> - <tr> - <th width="20%">command-line</th> <td>--no-upstream-cert</td> - </tr> - <tr> - <th>mitmproxy shortcut</th> <td><b>o</b> then <b>U</b></td> - </tr> - </tbody> -</table> |