|
|
|
@ -1,5 +1,5 @@
|
|
|
|
|
.\" SSLproxy - transparent SSL/TLS proxy for diverting packets to programs
|
|
|
|
|
.\" Copyright (c) 2017, Soner Tari <sonertari@gmail.com>
|
|
|
|
|
.\" Copyright (c) 2017-2018, Soner Tari <sonertari@gmail.com>
|
|
|
|
|
.\" Copyright (c) 2009-2016, Daniel Roethlisberger <daniel@roe.ch>
|
|
|
|
|
.\" All rights reserved.
|
|
|
|
|
.\" https://github.com/sonertari/SSLproxy
|
|
|
|
@ -28,7 +28,7 @@
|
|
|
|
|
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
|
|
|
|
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
|
|
|
.\"
|
|
|
|
|
.TH SSLPROXY 1 "24 August 2017"
|
|
|
|
|
.TH SSLPROXY 1 "9 February 2018"
|
|
|
|
|
.SH NAME
|
|
|
|
|
sslproxy \-\- transparent SSL/TLS proxy for diverting packets to programs
|
|
|
|
|
.SH SYNOPSIS
|
|
|
|
@ -112,11 +112,10 @@ usage. Accordingly, connections are closed if they remain idle for a certain
|
|
|
|
|
period of time. The default timeout is 120 seconds, which can be changed in a
|
|
|
|
|
configuration file.
|
|
|
|
|
.LP
|
|
|
|
|
In order to maximize the chances that a connection can be successfully split,
|
|
|
|
|
SSLproxy does not verify upstream server certificates. Instead, all
|
|
|
|
|
certificates including self-signed are accepted and if the expected hostname
|
|
|
|
|
signaled in SNI is missing from the server certificate, it will be added to
|
|
|
|
|
dynamically forged certificates.
|
|
|
|
|
SSLproxy verifies upstream certificates by default. If the verification fails,
|
|
|
|
|
the connection is terminated immediately. This is in contrast to SSLsplit,
|
|
|
|
|
because in order to maximize the chances that a connection can be successfully
|
|
|
|
|
split, SSLsplit accepts all certificates including self-signed ones.
|
|
|
|
|
.LP
|
|
|
|
|
SSLproxy does not automagically redirect any network traffic. To actually
|
|
|
|
|
implement a proxy, you also need to redirect the traffic to the system
|
|
|
|
|
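Review bot: The new paragraph says upstream certificates are verified "by default" but does not name the option or configuration setting that disables verification, so a reader who depended on the previous behaviour (all certificates accepted, including self-signed) cannot tell from this page how to restore it; name the setting here or point to the section that documents it. The removed text also said that a hostname signaled in SNI but missing from the server certificate is added to the forged certificate, and the replacement is silent on whether that still applies to connections that pass verification; either keep that sentence or state that the behaviour is gone. Since a failed verification now terminates the connection immediately, it would help to say what counts as a failure and which trust store is consulted. The sentence "This is in contrast to SSLsplit, because in order to maximize the chances ..." attaches the rationale to the wrong subject and would read more clearly as two sentences, one stating the contrast and one explaining why SSLsplit accepts all certificates.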