From 0b7b0ac33dd8bb5d057ebc36b8979d5e3ddc0384 Mon Sep 17 00:00:00 2001 From: elitest Date: Sat, 28 Feb 2015 10:16:31 -0600 Subject: Update Config.py to improve cipher selection added support for specifying cipher suites on both sides of the proxy instead of just the one. --- libmproxy/proxy/config.py | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) (limited to 'libmproxy/proxy/config.py') diff --git a/libmproxy/proxy/config.py b/libmproxy/proxy/config.py index 84893323..335d2dcf 100644 --- a/libmproxy/proxy/config.py +++ b/libmproxy/proxy/config.py @@ -55,7 +55,8 @@ class ProxyConfig: self.host = host self.port = port self.server_version = server_version - self.ciphers = ciphers + self.client_ciphers = client_ciphers + self.server_ciphers = server_ciphers self.clientcerts = clientcerts self.no_upstream_cert = no_upstream_cert self.body_size_limit = body_size_limit @@ -215,9 +216,14 @@ def ssl_option_group(parser): help="Client certificate directory." ) group.add_argument( - "--ciphers", action="store", - type=str, dest="ciphers", default=None, - help="SSL cipher specification." + "--client-ciphers", action="store", + type=str, dest="client_ciphers", default=None, + help="Proxy client SSL cipher specification." + ) + group.add_argument( + "--server-ciphers", action="store", + type=str, dest="server_ciphers", default=None, + help="Proxy server SSL cipher specification." ) group.add_argument( "--cert-forward", action="store_true", @@ -248,4 +254,4 @@ def ssl_option_group(parser): metavar="PORT", help="Can be passed multiple times. Specify destination ports which are assumed to be SSL. " "Defaults to %s." % str(TRANSPARENT_SSL_PORTS) - ) \ No newline at end of file + ) -- cgit v1.2.3 From b063d6020f18e8b0f3da56ebad557cec49a7ada5 Mon Sep 17 00:00:00 2001 
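Review bot: The two assignments added in the first hunk read `client_ciphers` and `server_ciphers`, but no hunk in this commit adds those names to the `ProxyConfig.__init__` signature, and the second hunk changes the option `dest` values while the `ciphers=options.ciphers` call is left untouched. Both are only corrected in the follow-up commit, so this revision on its own would presumably fail at startup with a NameError or AttributeError. Folding the signature change (`client_ciphers=None,` / `server_ciphers=None,`) and the call-site change into this commit keeps every revision runnable for bisecting. The `__init__` signature lies outside the hunk, so this is inferred from the next commit's context lines.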
From: Jim Shaver Date: Sun, 1 Mar 2015 20:12:27 -0600 Subject: specified cipher_list in a few more locations, added a missing comma --- libmproxy/proxy/config.py | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'libmproxy/proxy/config.py') diff --git a/libmproxy/proxy/config.py b/libmproxy/proxy/config.py index 335d2dcf..0215f92c 100644 --- a/libmproxy/proxy/config.py +++ b/libmproxy/proxy/config.py @@ -45,7 +45,8 @@ class ProxyConfig: authenticator=None, ignore_hosts=[], tcp_hosts=[], - ciphers=None, + client_ciphers=None, + server_ciphers=None, certs=[], certforward=False, ssl_version_client="secure", @@ -189,7 +190,8 @@ def process_proxy_options(parser, options): ignore_hosts=options.ignore_hosts, tcp_hosts=options.tcp_hosts, authenticator=authenticator, - ciphers=options.ciphers, + client_ciphers=options.client_ciphers, + server_ciphers=options.server_ciphers, certs=certs, certforward=options.certforward, ssl_version_client=options.ssl_version_client, -- cgit v1.2.3 From 13e74facb6b7af85cd9543ec56e01c3cd9b8270b Mon Sep 17 00:00:00 2001 From: elitest Date: Sun, 1 Mar 2015 20:21:35 -0600 Subject: Update config.py --- libmproxy/proxy/config.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'libmproxy/proxy/config.py') diff --git a/libmproxy/proxy/config.py b/libmproxy/proxy/config.py index 0215f92c..e8c75bee 100644 --- a/libmproxy/proxy/config.py +++ b/libmproxy/proxy/config.py @@ -191,7 +191,7 @@ def process_proxy_options(parser, options): tcp_hosts=options.tcp_hosts, authenticator=authenticator, client_ciphers=options.client_ciphers, - server_ciphers=options.server_ciphers, + server_ciphers=options.server_ciphers, certs=certs, certforward=options.certforward, ssl_version_client=options.ssl_version_client, -- cgit v1.2.3 From c6f54605a72fa577ad1c968eb438f0aad8347c82 Mon Sep 17 00:00:00 2001 
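Review bot: `server_ciphers=None` is inserted ahead of `certs=[]` in the `__init__` signature, so one parameter slot becomes two and every later parameter moves one position to the right. A caller that passes these arguments positionally would now bind its certificate list to `server_ciphers` and shift everything after it. The only caller visible in this diff, `process_proxy_options`, uses keywords, but other constructors of `ProxyConfig` are not shown. Either confirm that all call sites use keywords or add a comment above the parameter block such as `# pass by keyword only: parameter order is not part of the API`. The signature starts before the hunk and continues past it.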
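Review bot: `options.client_ciphers` and `options.server_ciphers` are handed to `ProxyConfig` as raw strings, and nothing in the hunk checks them. As far as this diff shows, a typo or an empty spec therefore surfaces only when the string reaches OpenSSL, which may be at the first handshake rather than at startup. Since `parser` is in scope, the function could reject a bad spec up front by trying it on a throwaway SSL context and calling `parser.error(...)` on failure. `process_proxy_options` begins and ends outside the hunk, so an existing check elsewhere in the body cannot be ruled out.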
From: elitest Date: Sun, 1 Mar 2015 20:49:03 -0600 Subject: Update Config.py to clarify help messages --- libmproxy/proxy/config.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'libmproxy/proxy/config.py') diff --git a/libmproxy/proxy/config.py b/libmproxy/proxy/config.py index e8c75bee..a4765852 100644 --- a/libmproxy/proxy/config.py +++ b/libmproxy/proxy/config.py @@ -220,12 +220,12 @@ def ssl_option_group(parser): group.add_argument( "--client-ciphers", action="store", type=str, dest="client_ciphers", default=None, - help="Proxy client SSL cipher specification." + help="Client facing SSL cipher specification." ) group.add_argument( "--server-ciphers", action="store", type=str, dest="server_ciphers", default=None, - help="Proxy server SSL cipher specification." + help="Server facing SSL cipher specification." ) group.add_argument( "--cert-forward", action="store_true", -- cgit v1.2.3 From 75ba0a92e4dd0f331505f450d6baa89b18abe2f2 Mon Sep 17 00:00:00 2001 From: Maximilian Hils Date: Mon, 2 Mar 2015 14:35:50 +0100 Subject: do some housekeeping --- libmproxy/proxy/config.py | 60 +++++++++++++++++++++++------------------------ 1 file changed, 30 insertions(+), 30 deletions(-) (limited to 'libmproxy/proxy/config.py') diff --git a/libmproxy/proxy/config.py b/libmproxy/proxy/config.py index a4765852..dfde2958 100644 --- a/libmproxy/proxy/config.py +++ b/libmproxy/proxy/config.py @@ -45,8 +45,8 @@ class ProxyConfig: authenticator=None, ignore_hosts=[], tcp_hosts=[], - client_ciphers=None, - server_ciphers=None, + ciphers_client=None, + ciphers_server=None, certs=[], certforward=False, ssl_version_client="secure", 
@@ -56,8 +56,8 @@ class ProxyConfig: self.host = host self.port = port self.server_version = server_version - self.client_ciphers = client_ciphers - self.server_ciphers = server_ciphers + self.ciphers_client = ciphers_client + self.ciphers_server = ciphers_server self.clientcerts = clientcerts self.no_upstream_cert = no_upstream_cert self.body_size_limit = body_size_limit @@ -85,8 +85,8 @@ class ProxyConfig: for spec, cert in certs: self.certstore.add_cert_file(spec, cert) self.certforward = certforward - self.openssl_client_method, self.openssl_client_options = version_to_openssl(ssl_version_client) - self.openssl_server_method, self.openssl_server_options = version_to_openssl(ssl_version_server) + self.openssl_method_client, self.openssl_options_client = version_to_openssl(ssl_version_client) + self.openssl_method_server, self.openssl_options_server = version_to_openssl(ssl_version_server) self.ssl_ports = ssl_ports @@ -190,8 +190,8 @@ def process_proxy_options(parser, options): ignore_hosts=options.ignore_hosts, tcp_hosts=options.tcp_hosts, authenticator=authenticator, - client_ciphers=options.client_ciphers, - server_ciphers=options.server_ciphers, + ciphers_client=options.ciphers_client, + ciphers_server=options.ciphers_server, certs=certs, certforward=options.certforward, ssl_version_client=options.ssl_version_client, 
@@ -212,25 +212,36 @@ def ssl_option_group(parser): 'The PEM file should contain the full certificate chain, with the leaf certificate as the first entry. ' 'Can be passed multiple times.' ) + group.add_argument( + "--cert-forward", action="store_true", + dest="certforward", default=False, + help="Simply forward SSL certificates from upstream." + ) + group.add_argument( + "--ciphers-client", action="store", + type=str, dest="ciphers_client", default=None, + help="Set supported ciphers for client connections. (OpenSSL Syntax)" + ) + group.add_argument( + "--ciphers-server", action="store", + type=str, dest="ciphers_server", default=None, + help="Set supported ciphers for server connections. (OpenSSL Syntax)" + ) group.add_argument( "--client-certs", action="store", type=str, dest="clientcerts", default=None, help="Client certificate directory." ) group.add_argument( - "--client-ciphers", action="store", - type=str, dest="client_ciphers", default=None, - help="Client facing SSL cipher specification." - ) - group.add_argument( - "--server-ciphers", action="store", - type=str, dest="server_ciphers", default=None, - help="Server facing SSL cipher specification." + "--no-upstream-cert", default=False, + action="store_true", dest="no_upstream_cert", + help="Don't connect to upstream server to look up certificate details." ) group.add_argument( - "--cert-forward", action="store_true", - dest="certforward", default=False, - help="Simply forward SSL certificates from upstream." + "--ssl-port", action="append", type=int, dest="ssl_ports", default=list(TRANSPARENT_SSL_PORTS), + metavar="PORT", + help="Can be passed multiple times. Specify destination ports which are assumed to be SSL. " + "Defaults to %s." % str(TRANSPARENT_SSL_PORTS) ) group.add_argument( "--ssl-version-client", dest="ssl_version_client", 
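Review bot: The help strings for `--ciphers-client` and `--ciphers-server` do not say what the default `None` means or that a permissive spec weakens the connection, while the `--ssl-version-*` options in the same group state both ("INSECURE", "Defaults to secure"). Suggested wording: `help="Set supported ciphers for client connections (OpenSSL syntax). Unset keeps the library default; NULL, EXPORT and anonymous suites are INSECURE."`, and the same for the server option. The "library default" part assumes `None` is passed through unchanged, which this file's diff does not show. `ssl_option_group` starts before the hunk.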
@@ -246,14 +257,3 @@ def ssl_option_group(parser): help="Set supported SSL/TLS version for server connections. " "SSLv2, SSLv3 and 'all' are INSECURE. Defaults to secure." ) - group.add_argument( - "--no-upstream-cert", default=False, - action="store_true", dest="no_upstream_cert", - help="Don't connect to upstream server to look up certificate details." - ) - group.add_argument( - "--ssl-port", action="append", type=int, dest="ssl_ports", default=list(TRANSPARENT_SSL_PORTS), - metavar="PORT", - help="Can be passed multiple times. Specify destination ports which are assumed to be SSL. " - "Defaults to %s." % str(TRANSPARENT_SSL_PORTS) - ) -- cgit v1.2.3