Use client-requested cipher suites for server connection and support anonymous suites #133
Comments
|
I research the API of openssl, do not find the appropriate function to set cipher list. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The cipher suites requested by the client should be used in the connection towards the server, as long as they can be handled by sslsplit and the version of OpenSSL that is in use. This idea came up in #126. This is a bit complex because we need to manually parse the cipher suites from the Client Hello message before creating the source SSL bufferevent in order to correctly configure the destination SSL bufferevent.
Support for anonymous cipher suites is currently untested and may or may not work. This should be tested (both ssl and autossl proxyspecs) and necessary fixes implemented so that when a client requests anonymous cipher suites, they are actually used.
The text was updated successfully, but these errors were encountered: