2013-04-03 16:05:51 +00:00
- Strip HPKP headers from responses to prevent pinning
- Rewrite header munging
2013-01-26 18:02:25 +00:00
- Control SSL_OP_SINGLE_ECDH_USE and other de-optimizations by a
  "prefer speed to security" command line option
2012-08-06 06:33:17 +00:00
- Optionally add ephemeral RSA key to SSL_CTX to allow export cipher suites
  http://www.openssl.org/docs/ssl/SSL_CTX_set_tmp_rsa_callback.html
2012-10-01 12:47:45 +00:00
- Dump cipher suites sent by the client in debug mode
2012-06-05 20:59:20 +00:00
- Consider memory pools for use by per-connection state
2012-04-13 12:47:30 +00:00
- Parse some information from HTTP responses (status, size)
- Handle renego & client cert authentication more gracefully
- Separate orig cert retrieval from actual fwd address/proto config
2012-04-22 17:12:38 +00:00
- CRL denial mode based on targetdir cert's CDPs or by identifying CRL ASN.1
2012-04-30 21:27:41 +00:00
- Browser update denial mode
- Extendable approach to broken certificate verification implementations
2012-04-13 12:47:30 +00:00
- Client fingerprinting: only intercept clients with headers matching regex
- Configurable and/or scriptable modification of requests and/or responses
- STARTTLS for various protocols
- Sample scripts for single file/fifo content log postprocessing