forked from droe/sslsplit
-
Notifications
You must be signed in to change notification settings - Fork 0
/
TODO
15 lines (15 loc) · 955 Bytes
/
TODO
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
- Control SSL_OP_SINGLE_ECDH_USE and other de-optimizations by a
"prefer speed to security" command line option
- Optionally add ephemeral RSA key to SSL_CTX to allow export cipher suites
http://www.openssl.org/docs/ssl/SSL_CTX_set_tmp_rsa_callback.html
- Dump cipher suites sent by the client in debug mode
- Consider memory pools for use by per-connection state
- Handle renego & client cert authentication more gracefully
- Separate orig cert retrieval from actual fwd address/proto config
- CRL denial mode based on targetdir cert's CDPs or by identifying CRL ASN.1
- Browser update denial mode
- Extendable approach to broken certificate verification implementations
- Client fingerprinting: only intercept clients with headers matching regex
- Configurable and/or scriptable modification of requests and/or responses
- STARTTLS for various protocols
- Sample scripts for single file/fifo content log postprocessing