# TestProxy test configuration for sslproxy v0.8.7
#
# Every listener and every target in this file is bound to 127.0.0.1, and the
# target port is always the listener port with the leading 8 replaced by 9.
# Several defaults below are relaxed for the test harness (VerifyPeer no,
# debug output on, relative CA key paths) and are not deployment values.

# Global options
# User, Group and Chroot are commented out, so the privilege-drop account and
# the chroot are whatever sslproxy defaults to; a deployed config would set
# them explicitly.
#User _sslproxy
#Group _sslproxy
#Chroot /var/run/sslproxy
PidFile /var/run/sslproxy.pid
#Daemon yes
# Debug output is enabled at level 4 and Daemon is left commented out.
# NOTE(review): debug output may include per-connection detail; treat captured
# test logs accordingly (confirm what level 4 prints).
Debug yes
DebugLevel 4
#OpenFilesLimit 1024
#LeafKey /etc/sslproxy/leaf.key
#LeafKeyRSABits 2048
#LeafCertDir /etc/sslproxy/leaf.d
#DefaultLeafCert /etc/sslproxy/leaf.pem
#WriteGenCertsDir /var/log/sslproxy
#WriteAllCertsDir /var/log/sslproxy
#OpenSSLEngine cloudhsm
# Connect, content, pcap and master-key logging are all commented out. If any
# of them is enabled, the output holds decrypted traffic or TLS session
# secrets, so the log directory needs restrictive ownership and permissions.
#ConnectLog /var/log/sslproxy/connect.log
#ContentLog /var/log/sslproxy/content.log
#ContentLogDir /var/log/sslproxy/content
#ContentLogPathSpec /var/log/sslproxy/%X/%u-%s-%d-%T.log
#LogProcInfo yes
#PcapLog /var/log/sslproxy/content.pcap
#PcapLogDir /var/log/sslproxy/pcap
#PcapLogPathSpec /var/log/sslproxy/%X/%u-%s-%d-%T.pcap
#MirrorIf lo
#MirrorTarget 192.0.2.1
#MasterKeyLog /var/log/sslproxy/masterkeys.log
LogStats yes
StatsPeriod 1
ConnIdleTimeout 120
ExpiredConnCheckPeriod 10
# Relative path; presumably the user database consulted by the UserAuth
# proxyspecs further down (confirm against the sslproxy documentation).
UserDBPath users.db

# Default ProxySpec options (cloned to each proxyspec)
# CA certificate and key used to sign the leaf certificates the proxy forges.
# Both paths are relative, so they depend on the directory sslproxy is started
# from. ca.key should be a throwaway key generated for these tests, belonging
# to a CA that no real client trusts.
CACert ca.crt
CAKey ca.key
#ClientCert /etc/sslproxy/client.crt
#ClientKey /etc/sslproxy/client.key
#CAChain /etc/sslproxy/chain.crt
#LeafCRLURL http://example.com/example.crl
#DenyOCSP yes
#Passthrough yes
#DHGroupParams /etc/sslproxy/dh.pem
#ECDHCurve prime256v1
#SSLCompression no
#ForceSSLProto tls12
#DisableSSLProto tls10
#MinSSLProto tls10
#MaxSSLProto tls13
#Ciphers MEDIUM:HIGH
#CipherSuites TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256
#NATEngine netfilter
#RemoveHTTPAcceptEncoding no
#RemoveHTTPReferer yes
# Upstream server certificates are not verified by default. Every proxyspec
# below inherits this unless it sets VerifyPeer itself (ports 8454 and 8456
# do). This is acceptable here only because all targets are loopback test
# servers; on a real network it leaves the proxy-to-server leg unauthenticated.
VerifyPeer no
#AllowWrongHost no
#UserAuth no
#UserTimeout 300
#UserAuthURL https://192.168.0.1/userdblogin.php
#ValidateProto no
#MaxHTTPHeaderSize 8192
#PassSite example.com
#PassSite example.com 192.168.0.1
#PassSite example.com soner
#PassSite *.google.com * android
#Divert yes

# Tests for tcp connection over ssl proxyspec
# One-line form: proto, listen address, listen port, up:<divert port>,
# target address, target port. The structured form below sets the same fields
# by name and additionally turns on ValidateProto.
ProxySpec https 127.0.0.1 8441 up:8080 127.0.0.1 9441
ProxySpec {
    Proto https
    Addr 127.0.0.1
    Port 8442
    DivertPort 8080
    TargetAddr 127.0.0.1
    TargetPort 9442
    ValidateProto yes
}

# Tests for ssl connection on tcp proxyspec
ProxySpec {
    Proto http
    Addr 127.0.0.1
    Port 8183
    DivertPort 8080
    TargetAddr 127.0.0.1
    TargetPort 9183
    ValidateProto yes
}

# Tests for HTTP GET method validation
ProxySpec {
    Proto http
    Addr 127.0.0.1
    Port 8184
    DivertPort 8080
    TargetAddr 127.0.0.1
    TargetPort 9184
    ValidateProto yes
}
ProxySpec {
    Proto https
    Addr 127.0.0.1
    Port 8444
    DivertPort 8080
    TargetAddr 127.0.0.1
    TargetPort 9444
    ValidateProto yes
}

# Tests for HTTP POST method validation
ProxySpec {
    Proto http
    Addr 127.0.0.1
    Port 8185
    DivertPort 8080
    TargetAddr 127.0.0.1
    TargetPort 9185
    ValidateProto yes
}
ProxySpec {
    Proto https
    Addr 127.0.0.1
    Port 8445
    DivertPort 8080
    TargetAddr 127.0.0.1
    TargetPort 9445
    ValidateProto yes
}

# Tests for SSL configuration
ProxySpec https 127.0.0.1 8443 up:8080 127.0.0.1 9443

# Tests for SSL configuration: tls10 only
# TLS 1.0 and 1.1 are deprecated (RFC 8996). The tls10/tls11 specs in this
# group exist to exercise protocol pinning and are not values to reuse.
# NOTE(review): whether they can negotiate at all depends on the OpenSSL build
# sslproxy is linked against (confirm on the test host).
ProxySpec {
    Proto https
    Addr 127.0.0.1
    Port 8449
    DivertPort 8080
    TargetAddr 127.0.0.1
    TargetPort 9449
    ForceSSLProto tls10
}

# Tests for SSL configuration: tls11 only
ProxySpec {
    Proto https
    Addr 127.0.0.1
    Port 8450
    DivertPort 8080
    TargetAddr 127.0.0.1
    TargetPort 9450
    ForceSSLProto tls11
}

# Tests for SSL configuration: tls12 only
ProxySpec {
    Proto https
    Addr 127.0.0.1
    Port 8451
    DivertPort 8080
    TargetAddr 127.0.0.1
    TargetPort 9451
    ForceSSLProto tls12
}

# Tests for SSL configuration: Rejects unsupported SSL/TLS proto
ProxySpec {
    Proto https
    Addr 127.0.0.1
    Port 8452
    DivertPort 8080
    TargetAddr 127.0.0.1
    TargetPort 9452
    ForceSSLProto tls10
}
ProxySpec {
    Proto https
    Addr 127.0.0.1
    Port 8453
    DivertPort 8080
    TargetAddr 127.0.0.1
    TargetPort 9453
    ForceSSLProto tls12
}

# Tests for HTTP request headers: SSLproxy, Connection, Upgrade, Keep-Alive, Accept-Encoding, Via, X-Forwarded-For, and Referer
ProxySpec http 127.0.0.1 8180 up:8080 127.0.0.1 9180
ProxySpec https 127.0.0.1 8446 up:8080 127.0.0.1 9446

# Tests for HTTP response headers: Public-Key-Pins, Public-Key-Pins-Report-Only, Strict-Transport-Security, Expect-CT, Alternate-Protocol, Upgrade, OCSP request
# NOTE(review): presumably these tests check that the proxy strips the listed
# response headers, in which case clients behind it do not receive the
# server's HSTS or pinning policy (confirm against the test set).
ProxySpec http 127.0.0.1 8181 up:8080 127.0.0.1 9181
ProxySpec https 127.0.0.1 8447 up:8080 127.0.0.1 9447

# Tests for HTTP response headers: Deny OCSP request, remove Accept-Encoding, and do not remove Referer
# DenyOCSP yes means clients going through these two specs get no OCSP
# revocation answers. RemoveHTTPReferer no leaves the Referer header in the
# forwarded request.
ProxySpec {
    Proto http
    Addr 127.0.0.1
    Port 8186
    DivertPort 8080
    TargetAddr 127.0.0.1
    TargetPort 9186
    DenyOCSP yes
    RemoveHTTPAcceptEncoding yes
    RemoveHTTPReferer no
}
ProxySpec {
    Proto https
    Addr 127.0.0.1
    Port 8448
    DivertPort 8080
    TargetAddr 127.0.0.1
    TargetPort 9448
    DenyOCSP yes
    RemoveHTTPAcceptEncoding yes
    RemoveHTTPReferer no
}

# Tests for Passthrough
# Passthrough makes interception fail open. Combined with VerifyPeer yes, a
# connection whose upstream certificate fails verification is presumably
# relayed without decryption instead of being dropped, so it bypasses
# inspection (confirm against the sslproxy man page).
ProxySpec {
    Proto https
    Addr 127.0.0.1
    Port 8454
    DivertPort 8080
    TargetAddr 127.0.0.1
    TargetPort 9454
    Passthrough yes
    VerifyPeer yes
}

# Tests for VerifyPeer
# 8455 inherits the default VerifyPeer no; 8456 overrides it with yes.
ProxySpec https 127.0.0.1 8455 up:8080 127.0.0.1 9455
ProxySpec {
    Proto https
    Addr 127.0.0.1
    Port 8456
    DivertPort 8080
    TargetAddr 127.0.0.1
    TargetPort 9456
    VerifyPeer yes
}

# Tests for CACert/CAKey
# 8457 signs with the default ca.crt/ca.key; 8458 overrides both with a second
# CA. ca2.key is signing-key material too and needs the same handling as ca.key.
ProxySpec https 127.0.0.1 8457 up:8080 127.0.0.1 9457
ProxySpec {
    Proto https
    Addr 127.0.0.1
    Port 8458
    DivertPort 8080
    TargetAddr 127.0.0.1
    TargetPort 9458
    CACert ca2.crt
    CAKey ca2.key
}

# Tests for UserAuth
# UserAuthURL and UserTimeout are left commented out above, so these two specs
# run with sslproxy's defaults for both.
ProxySpec {
    Proto http
    Addr 127.0.0.1
    Port 8187
    DivertPort 8080
    TargetAddr 127.0.0.1
    TargetPort 9187
    UserAuth yes
}
ProxySpec {
    Proto https
    Addr 127.0.0.1
    Port 8459
    DivertPort 8080
    TargetAddr 127.0.0.1
    TargetPort 9459
    UserAuth yes
}

# Tests for POP3
# The mail specs divert to their own ports (8110 for POP3, 9199 for SMTP)
# instead of 8080.
ProxySpec {
    Proto pop3
    Addr 127.0.0.1
    Port 8188
    DivertPort 8110
    TargetAddr 127.0.0.1
    TargetPort 9188
    ValidateProto yes
}
ProxySpec {
    Proto pop3s
    Addr 127.0.0.1
    Port 8460
    DivertPort 8110
    TargetAddr 127.0.0.1
    TargetPort 9460
    ValidateProto yes
}

# Tests for SMTP
ProxySpec {
    Proto smtp
    Addr 127.0.0.1
    Port 8189
    DivertPort 9199
    TargetAddr 127.0.0.1
    TargetPort 9189
    ValidateProto yes
}
ProxySpec {
    Proto smtps
    Addr 127.0.0.1
    Port 8461
    DivertPort 9199
    TargetAddr 127.0.0.1
    TargetPort 9461
    ValidateProto yes
}

# SSLsplit mode tests for HTTP request headers: SSLproxy, Connection, Upgrade, Keep-Alive, Accept-Encoding, Via, X-Forwarded-For, and Referer
# These two specs have no up:<port> field, so no divert port is configured for
# them.
ProxySpec http 127.0.0.1 8190 127.0.0.1 9190
ProxySpec https 127.0.0.1 8463 127.0.0.1 9463