SSLproxy/tests/testproxy/sslproxy_no_tls11.conf

272 lines
5.3 KiB
Plaintext
Raw Normal View History

2020-05-23 21:22:23 +00:00
# TestProxy test configuration for sslproxy v0.8.0
# Global options
#User _sslproxy
#Group _sslproxy
#Chroot /var/run/sslproxy
PidFile /var/run/sslproxy.pid
#Daemon yes
Debug yes
DebugLevel 4
#OpenFilesLimit 1024
#LeafKey /etc/sslproxy/leaf.key
#LeafKeyRSABits 2048
#LeafCertDir /etc/sslproxy/leaf.d
#DefaultLeafCert /etc/sslproxy/leaf.pem
#WriteGenCertsDir /var/log/sslproxy
#WriteAllCertsDir /var/log/sslproxy
#OpenSSLEngine cloudhsm
#ConnectLog /var/log/sslproxy/connect.log
#ContentLog /var/log/sslproxy/content.log
#ContentLogDir /var/log/sslproxy/content
#ContentLogPathSpec /var/log/sslproxy/%X/%u-%s-%d-%T.log
#LogProcInfo yes
#PcapLog /var/log/sslproxy/content.pcap
#PcapLogDir /var/log/sslproxy/pcap
#PcapLogPathSpec /var/log/sslproxy/%X/%u-%s-%d-%T.pcap
#MirrorIf lo
#MirrorTarget 192.0.2.1
#MasterKeyLog /var/log/sslproxy/masterkeys.log
LogStats yes
StatsPeriod 1
ConnIdleTimeout 120
ExpiredConnCheckPeriod 10
UserDBPath users.db
# Default ProxySpec options (cloned to each proxyspec)
CACert ca.crt
CAKey ca.key
#ClientCert /etc/sslproxy/client.crt
#ClientKey /etc/sslproxy/client.key
#CAChain /etc/sslproxy/chain.crt
#LeafCRLURL http://example.com/example.crl
#DenyOCSP yes
#Passthrough yes
#DHGroupParams /etc/sslproxy/dh.pem
#ECDHCurve prime256v1
#SSLCompression no
#ForceSSLProto tls12
#DisableSSLProto tls10
#MinSSLProto tls10
#MaxSSLProto tls12
#Ciphers MEDIUM:HIGH
2020-06-27 20:39:41 +00:00
#CipherSuites TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256
#NATEngine netfilter
#RemoveHTTPAcceptEncoding no
#RemoveHTTPReferer yes
VerifyPeer no
#AllowWrongHost no
#UserAuth no
#UserTimeout 300
#UserAuthURL https://192.168.0.1/userdblogin.php
#ValidateProto no
#MaxHTTPHeaderSize 8192
#PassSite example.com
#PassSite example.com 192.168.0.1
#PassSite example.com soner
#PassSite *.google.com * android
# Tests for tcp connection over ssl proxyspec
ProxySpec https 127.0.0.1 8441 up:8080 127.0.0.1 9441
ProxySpec {
Proto https
Addr 127.0.0.1
Port 8442
DivertPort 8080
TargetAddr 127.0.0.1
TargetPort 9442
ValidateProto yes
}
# Tests for ssl connection on tcp proxyspec
ProxySpec {
Proto http
Addr 127.0.0.1
Port 8183
DivertPort 8080
TargetAddr 127.0.0.1
TargetPort 9183
ValidateProto yes
}
# Tests for HTTP GET method validation
ProxySpec {
Proto http
Addr 127.0.0.1
Port 8184
DivertPort 8080
TargetAddr 127.0.0.1
TargetPort 9184
ValidateProto yes
}
ProxySpec {
Proto https
Addr 127.0.0.1
Port 8444
DivertPort 8080
TargetAddr 127.0.0.1
TargetPort 9444
ValidateProto yes
}
# Tests for HTTP POST method validation
ProxySpec {
Proto http
Addr 127.0.0.1
Port 8185
DivertPort 8080
TargetAddr 127.0.0.1
TargetPort 9185
ValidateProto yes
}
ProxySpec {
Proto https
Addr 127.0.0.1
Port 8445
DivertPort 8080
TargetAddr 127.0.0.1
TargetPort 9445
ValidateProto yes
}
# Tests for SSL configuration
# Tests for SSL configuration: tls10 only
ProxySpec {
Proto https
Addr 127.0.0.1
Port 8449
DivertPort 8080
TargetAddr 127.0.0.1
TargetPort 9449
ForceSSLProto tls10
}
# Tests for HTTP request headers: SSLproxy, Connection, Upgrade, Keep-Alive, Accept-Encoding, Via, X-Forwarded-For, and Referer
ProxySpec http 127.0.0.1 8180 up:8080 127.0.0.1 9180
ProxySpec https 127.0.0.1 8446 up:8080 127.0.0.1 9446
# Tests for HTTP response headers: Public-Key-Pins, Public-Key-Pins-Report-Only, Strict-Transport-Security, Expect-CT, Alternate-Protocol, Upgrade, OCSP request
ProxySpec http 127.0.0.1 8181 up:8080 127.0.0.1 9181
ProxySpec https 127.0.0.1 8447 up:8080 127.0.0.1 9447
# Tests for HTTP response headers: Deny OCSP request, remove Accept-Encoding, and do not remove Referer
ProxySpec {
Proto http
Addr 127.0.0.1
Port 8186
DivertPort 8080
TargetAddr 127.0.0.1
TargetPort 9186
DenyOCSP yes
RemoveHTTPAcceptEncoding yes
RemoveHTTPReferer no
}
ProxySpec {
Proto https
Addr 127.0.0.1
Port 8448
DivertPort 8080
TargetAddr 127.0.0.1
TargetPort 9448
DenyOCSP yes
RemoveHTTPAcceptEncoding yes
RemoveHTTPReferer no
}
# Tests for Passthrough
ProxySpec {
Proto https
Addr 127.0.0.1
Port 8454
DivertPort 8080
TargetAddr 127.0.0.1
TargetPort 9454
Passthrough yes
VerifyPeer yes
}
# Tests for VerifyPeer
ProxySpec https 127.0.0.1 8455 up:8080 127.0.0.1 9455
ProxySpec {
Proto https
Addr 127.0.0.1
Port 8456
DivertPort 8080
TargetAddr 127.0.0.1
TargetPort 9456
VerifyPeer yes
}
# Tests for CACert/CAKey
ProxySpec https 127.0.0.1 8457 up:8080 127.0.0.1 9457
ProxySpec {
Proto https
Addr 127.0.0.1
Port 8458
DivertPort 8080
TargetAddr 127.0.0.1
TargetPort 9458
CACert ca2.crt
CAKey ca2.key
}
# Tests for UserAuth
ProxySpec {
Proto http
Addr 127.0.0.1
Port 8187
DivertPort 8080
TargetAddr 127.0.0.1
TargetPort 9187
UserAuth yes
}
ProxySpec {
Proto https
Addr 127.0.0.1
Port 8459
DivertPort 8080
TargetAddr 127.0.0.1
TargetPort 9459
UserAuth yes
}
# Tests for POP3
ProxySpec {
Proto pop3
Addr 127.0.0.1
Port 8188
DivertPort 8110
TargetAddr 127.0.0.1
TargetPort 9188
ValidateProto yes
}
ProxySpec {
Proto pop3s
Addr 127.0.0.1
Port 8460
DivertPort 8110
TargetAddr 127.0.0.1
TargetPort 9460
ValidateProto yes
}
# Tests for SMTP
ProxySpec {
Proto smtp
Addr 127.0.0.1
Port 8189
DivertPort 9199
TargetAddr 127.0.0.1
TargetPort 9189
ValidateProto yes
}
ProxySpec {
Proto smtps
Addr 127.0.0.1
Port 8461
DivertPort 9199
TargetAddr 127.0.0.1
TargetPort 9461
ValidateProto yes
}