Commit Graph

31 Commits (c8e9f231bdeb045422d0c2cc05b5ea07b37dab5d)

Author SHA1 Message Date
Daniel Roethlisberger f076336e0b Don't allow -u on Mac OS X with pf proxyspecs
Apple checks EUID==0 on ioctl(/dev/pf), whereas OpenBSD and FreeBSD only
check permissions on open(/dev/pf).  This means that on OS X, it is not
possible to open /dev/pf, drop privileges, and send an ioctl to the file
descriptor opened earlier with EUID==0.  It also means Apple broke the
Unix way of dealing with device nodes - why are there file permissions
on /dev/pf when they later enforce EUID==0 on use, thereby breaking
basic Unix mechanisms?  Work around this by disallowing -u with pf
proxyspecs and by not automatically dropping to nobody on Mac OS X.

Issue:		#65
Reported by:	Vladimir Marteev
10 years ago
Daniel Roethlisberger a9bd438756 Minor updates to manual page 10 years ago
Daniel Roethlisberger 125163a003 Add local process lookup on FreeBSD using sysctl() API 10 years ago
Daniel Roethlisberger 84dfba04f2 Update manual page 10 years ago
Daniel Roethlisberger 96ad8f92af Add -i and restore order 10 years ago
Daniel Roethlisberger 81241139c7 Merge branch 'logspec_path_support' of git://github.com/fix-macosx/sslsplit into issue/55 10 years ago
Daniel Roethlisberger a5ccfa3d4b Remove SSLv2 bug section and add contributors 10 years ago
Landon Fuller bea605d7ca Update the man page to include the -F option and its logspec directives. 10 years ago
Daniel Roethlisberger 6b0e47dc89 Allow more control over used SSL/TLS versions
Add -r to force a specific SSL/TLS protocol version.
Add -R to disable one or several SSL/TLS protocol versions.
Replace WANT_SSLV2_CLIENT and WANT_SSLV2_SERVER with WITH_SSLV2.

Issue:		#30
Reported by:	@Apollo2342
10 years ago
Daniel Roethlisberger edf1dac8fa Improve manual page re protocols and scalability
Issue:		#42
10 years ago
Daniel Roethlisberger 769fbd042d Filter HSTS response headers to allow cert override
Also remove HTTP Strict Transport Security (HSTS, RFC 6797) headers from
HTTP responses.  With HSTS active, the user is not allowed to accept
untrusted certificates.
10 years ago
Daniel Roethlisberger 0a225ae65c Update documentation after merging pull req #35 10 years ago
Daniel Roethlisberger 85b177f6b0 Special device nodes may be needed for -j to work 10 years ago
Daniel Roethlisberger 3226d9bfcf No longer chroot() by default when run as root
No longer implicitly use -j /var/empty by default and document clearly
the implications of using -j with -S and/or sni proxyspecs.

Issue:		#21
11 years ago
Daniel Roethlisberger 6643d832d9 Add experimental support for pf on Mac OS X
Support pf rdr on Mac OS X 10.7, 10.8 and 10.9 by including the missing
Apple headers in the source tree and enable private Apple code.  Since
we are using an interface marked private by Apple, this code is very
experimental.

Issue:		#15
Reported by:	Amit Chowdhary
11 years ago
Daniel Roethlisberger ca923ee7f1 Update copyright notices to 2014 11 years ago
Daniel Roethlisberger 8cc81c7f1c FreeBSD pf also has divert-to since 9.0-RELEASE 11 years ago
Daniel Roethlisberger 0987300e28 Improve IPFW and pf wording in the documentation 11 years ago
Daniel Roethlisberger 68a60b9734 Update manual page for OpenBSD
Add configuration examples for both old and new OpenBSD pf syntax and
give an example of using OpenBSD pf divert sockets for redirection.
Based on the OpenBSD port patchset.

Reported by:	Stuart Henderson
11 years ago
Daniel Roethlisberger c73ce64c16 Update README and manual page for HPKP prevention 11 years ago
Daniel Roethlisberger c972501063 Update copyright notices 11 years ago
Daniel Roethlisberger 807b7c1d3b Fix typo in manpage 12 years ago
Daniel Roethlisberger 62af96e413 Clarify when it is preferred to use SNI proxyspecs 12 years ago
Daniel Roethlisberger 3742404fe9 Update ECDH default curve name in manual page 12 years ago
Daniel Roethlisberger 7ad1deb680 Document intended use of SSLsplit 12 years ago
Daniel Roethlisberger 6d58824de2 Fix typo in manual page 12 years ago
Daniel Roethlisberger 2d1ad219b9 Change default cipher suite to "ALL:-aNULL" 12 years ago
Daniel Roethlisberger 1bd2872b20 DH group parameters are also loaded from -c 12 years ago
Daniel Roethlisberger 7aca81a7b7 Improve CA cert/key config code and docs
Make -c and -k functional twins by also loading DH params in -c and by
fixing certificate loading in -k.  Improve the documentation for both
switches and simplify the SYNOPSIS in sslsplit(1).
12 years ago
Daniel Roethlisberger ee98c04b29 Add generic OCSP denial 12 years ago
Daniel Roethlisberger 4cfdef405a Initial import of sslsplit-0.4.2 12 years ago