mirror of
https://github.com/sonertari/SSLproxy
synced 2024-11-02 15:40:19 +00:00
13c85ce5c1
OpenBSD 4.7+ and FreeBSD 9.0+ also include ipfw-style divert-to in pf, so build ipfw NAT engine as well if pf is detected. Reported by: Stuart Henderson
16 lines
955 B
Plaintext
16 lines
955 B
Plaintext
- Control SSL_OP_SINGLE_ECDH_USE and other de-optimizations by a
|
|
"prefer speed to security" command line option
|
|
- Optionally add ephemeral RSA key to SSL_CTX to allow export cipher suites
|
|
http://www.openssl.org/docs/ssl/SSL_CTX_set_tmp_rsa_callback.html
|
|
- Dump cipher suites sent by the client in debug mode
|
|
- Consider memory pools for use by per-connection state
|
|
- Handle renego & client cert authentication more gracefully
|
|
- Separate orig cert retrieval from actual fwd address/proto config
|
|
- CRL denial mode based on targetdir cert's CDPs or by identifying CRL ASN.1
|
|
- Browser update denial mode
|
|
- Extendable approach to broken certificate verification implementations
|
|
- Client fingerprinting: only intercept clients with headers matching regex
|
|
- Configurable and/or scriptable modification of requests and/or responses
|
|
- STARTTLS for various protocols
|
|
- Sample scripts for single file/fifo content log postprocessing
|