Document the limitations of passthrough mode (-P)

Daniel Roethlisberger 2015-01-04 14:21:49 +01:00
parent 4f0a019d5a
commit b8d8af7b29


@ -219,9 +219,14 @@ Passthrough SSL/TLS connections which cannot be split instead of dropping them.
Connections cannot be split if \fB-c\fP and \fB-k\fP are not given and the Connections cannot be split if \fB-c\fP and \fB-k\fP are not given and the
site does not match any certificate loaded using \fB-t\fP, or if the connection site does not match any certificate loaded using \fB-t\fP, or if the connection
to the original server gives SSL/TLS errors. Specifically, this happens if the to the original server gives SSL/TLS errors. Specifically, this happens if the
site requests a client certificate. Passthrough with \fB-P\fP results in site requests a client certificate.
uninterrupted service for the clients, while dropping is the more secure In these situations, passthrough with \fB-P\fP results in uninterrupted service
alternative if unmonitored connections must be prevented. for the clients, while dropping is the more secure alternative if unmonitored
connections must be prevented.
Passthrough mode currently does not apply to SSL/TLS errors in the connection
from the client, since the connection from the client cannot easily be retried.
Specifically, \fB-P\fP does not currently work for clients that do not accept
forged certificates.
.TP .TP
.B \-r \fIproto\fP .B \-r \fIproto\fP
Force SSL/TLS protocol version on both client and server side to \fIproto\fP Force SSL/TLS protocol version on both client and server side to \fIproto\fP
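
Review bot: the two sentences added at the end of the \fB-P\fP paragraph say passthrough "does not apply" to SSL/TLS errors on the client side, but they never say what happens to those connections instead. An operator who enables \fB-P\fP for the "uninterrupted service" promised two sentences earlier needs that outcome spelled out, so please state it explicitly for clients that reject the forged certificate. Two style points in the same lines: "Specifically," now opens two sentences within one paragraph, and "currently" appears in both new sentences. Consider rewording the second one along the lines of "In particular, \fB-P\fP does not work for clients that do not accept forged certificates."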