3proxy SSL/TLS plugin
Plugin can be used to transparently decypher SSL/TLS data and TLS encryption to proxy.
potential securiy reasons.
ssl_certcache PATH_TO_CACHE
ssl_mitm
ssl_nomitm
ssl_srvcert
ssl_srvkey
ssl_serv
ssl_noserv
For transparent certificate spoofing:
ssl_certcache - path to certificates cache. For transparent spoofing cache must contain 3 files: 3proxy.pem - public
self-signed certificates, 3proxy.key - key for public certificates, server.key - this key will be used to generates
spoofed certificates.
Generated certificates will be placed to the same path.
ssl_mitm - spoof certificates for services started below. Using ssl_mitm is insecure, because proxy does not check certificates.
ssl_nomitm - do not spoof certificates for services started below
Example:
plugin /path/to/SslPlugin.dll ssl_plugin
ssl_certcache /path/to/cache/
ssl_mitm
proxy -p3128
ssl_nomitm
proxy -p3129
To protect traffic to server (https:// proxy) - since 0.9.5 version
ssl_srvcert - Server certificate (should not be selfsigned and must contain Alternative name)
ssl_srvkey - Server ceritifacte key
ssl_serv - require TLS connection for services below
ssl_noserv - do not require TLS connection for services below
Example:
plugin /path/to/SSLPlugin.so ssl_plugin
ssl_srvcert path_to_cert
ssl_srvkey path_to_key
ssl_serv
proxy -p33128
ssl_noserv
proxy -p3128
creates https:// proxy on 33128 and http:// proxy on 3128
Download:
- Plugin included into 3proxy 0.8
© Vladimir Dubrovin, License: BSD style