mirror of
https://github.com/Grasscutters/mitmproxy.git
synced 2024-11-27 02:24:18 +00:00
speed up TLS handshake if SNI is present
This commit is contained in:
parent
714ba16111
commit
7f894c131b
@ -341,14 +341,16 @@ class TlsLayer(Layer):
|
|||||||
https://www.openssl.org/docs/ssl/SSL_CTX_set_cert_cb.html
|
https://www.openssl.org/docs/ssl/SSL_CTX_set_cert_cb.html
|
||||||
- The original mitmproxy issue is https://github.com/mitmproxy/mitmproxy/issues/427
|
- The original mitmproxy issue is https://github.com/mitmproxy/mitmproxy/issues/427
|
||||||
"""
|
"""
|
||||||
|
|
||||||
client_tls_requires_server_cert = (
|
|
||||||
self._client_tls and self._server_tls and not self.config.no_upstream_cert
|
|
||||||
)
|
|
||||||
|
|
||||||
if self._client_tls:
|
if self._client_tls:
|
||||||
self._parse_client_hello()
|
self._parse_client_hello()
|
||||||
|
|
||||||
|
# First, this requires that we have TLS on both the client and the server connection.
|
||||||
|
# Second, this must be disabled if the user specified --no-upstream-cert
|
||||||
|
# Third, if the client sends a SNI value, we can be reasonably sure that this is the actual target host.
|
||||||
|
client_tls_requires_server_cert = (
|
||||||
|
self._client_tls and self._server_tls and not self.config.no_upstream_cert and not self.client_sni
|
||||||
|
)
|
||||||
|
|
||||||
if client_tls_requires_server_cert:
|
if client_tls_requires_server_cert:
|
||||||
self._establish_tls_with_client_and_server()
|
self._establish_tls_with_client_and_server()
|
||||||
elif self._client_tls:
|
elif self._client_tls:
|
||||||
|
Loading…
Reference in New Issue
Block a user