|
|
|
@ -29,7 +29,7 @@
|
|
|
|
|
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
|
|
|
|
|
.\" POSSIBILITY OF SUCH DAMAGE.
|
|
|
|
|
.\"
|
|
|
|
|
.TH "sslproxy" "1" "24 May 2020" "v0.8.0" "SSLproxy"
|
|
|
|
|
.TH "sslproxy" "1" "07 September 2020" "v0.8.1" "SSLproxy"
|
|
|
|
|
.SH NAME
|
|
|
|
|
sslproxy \-\- transparent SSL/TLS proxy for decrypting and diverting network
|
|
|
|
|
traffic to other programs for deep SSL inspection
|
|
|
|
@ -92,7 +92,8 @@ dynamically upgrade plain TCP to SSL in order to generically support SMTP
|
|
|
|
|
STARTTLS and similar upgrade mechanisms. SSLproxy fully supports Server Name
|
|
|
|
|
Indication (SNI) and is able to work with RSA, DSA and ECDSA keys and DHE and
|
|
|
|
|
ECDHE cipher suites. Depending on the version of OpenSSL, SSLproxy supports
|
|
|
|
|
SSL 3.0, TLS 1.0, TLS 1.1 and TLS 1.2, and optionally SSL 2.0 as well.
|
|
|
|
|
SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2, and TLS 1.3, and optionally SSL 2.0 as
|
|
|
|
|
well.
|
|
|
|
|
.LP
|
|
|
|
|
For SSL/TLS connections, SSLproxy generates and signs forged X509v3
|
|
|
|
|
certificates on-the-fly, mimicking the original server certificate's subject
|
|
|
|
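Review bot: The added "TLS 1.3" entry still sits behind the unqualified phrase "Depending on the version of OpenSSL", so a reader cannot tell which builds actually get it. TLS 1.3 is only available with OpenSSL 1.1.1 or later. Suggest saying so in this sentence, for example "and, with OpenSSL 1.1.1 or later, TLS 1.3", so that a proxy built against an older library is not assumed to intercept TLS 1.3 sessions.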
@ -370,7 +371,7 @@ This is useful when analyzing traffic to a server that only supports a specific
|
|
|
|
|
version of SSL/TLS and does not implement proper protocol negotiation.
|
|
|
|
|
Depending on build options and the version of OpenSSL that is used, the
|
|
|
|
|
following values for \fIproto\fP are accepted: \fBssl2\fP, \fBssl3\fP,
|
|
|
|
|
\fBtls10\fP, \fBtls11\fP and \fBtls12\fP.
|
|
|
|
|
\fBtls10\fP, \fBtls11\fP, \fBtls12\fP, and \fBtls13\fP.
|
|
|
|
|
Note that SSL 2.0 support is not built in by default because some servers
|
|
|
|
|
don't handle SSL 2.0 Client Hello messages gracefully.
|
|
|
|
|
.TP
|
|
|
|
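Review bot: In the accepted values list, \fBtls13\fP is now a build-dependent entry like \fBssl2\fP, but only SSL 2.0 gets an explanatory "Note that ..." sentence. Suggest adding a matching sentence after the list stating when \fBtls13\fP is accepted (it depends on the OpenSSL version linked in) and what the user sees when the value is given to a build that lacks it. Since this option is described as being for servers that only support a specific version, an unexplained rejection of \fBtls13\fP would be confusing.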
@ -384,7 +385,7 @@ does not handle some protocol versions well, or to test behaviour with
|
|
|
|
|
different protocol versions.
|
|
|
|
|
Depending on build options and the version of OpenSSL that is used, the
|
|
|
|
|
following values for \fIproto\fP are accepted: \fBssl2\fP, \fBssl3\fP,
|
|
|
|
|
\fBtls10\fP, \fBtls11\fP and \fBtls12\fP.
|
|
|
|
|
\fBtls10\fP, \fBtls11\fP, \fBtls12\fP, and \fBtls13\fP.
|
|
|
|
|
Note that SSL 2.0 support is not built in by default because some servers
|
|
|
|
|
don't handle SSL 2.0 Client Hello messages gracefully.
|
|
|
|
|
.TP
|
|
|
|
|
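Review bot: The "following values for \fIproto\fP are accepted" sentence and the SSL 2.0 note in this hunk are word-for-word the same as in the previous hunk, and both had to be edited by hand to add \fBtls13\fP. Suggest keeping the list in one of the two option descriptions and having the other refer to it, so that the next protocol addition or removal cannot leave the two options documenting different value sets.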