hub / github.com/mitmproxy/mitmproxy / TlsConfig

Class TlsConfig

mitmproxy/addons/tlsconfig.py:117–644

This addon supplies the proxy core with the desired OpenSSL connection objects to negotiate TLS.


class TlsConfig:
    """
    This addon supplies the proxy core with the desired OpenSSL connection objects to negotiate TLS.
    """

    certstore: certs.CertStore = None  # type: ignore

    # TODO: We should support configuring TLS 1.3 cipher suites (https://github.com/mitmproxy/mitmproxy/issues/4260)
    # TODO: We should re-use SSL.Context options here, if only for TLS session resumption.
    # This may require patches to pyOpenSSL, as some functionality is only exposed on contexts.
    # TODO: This addon should manage the following options itself, which are currently defined in mitmproxy/options.py:
    #  - upstream_cert
    #  - add_upstream_certs_to_client_chain
    #  - key_size
    #  - certs
    #  - cert_passphrase
    #  - ssl_verify_upstream_trusted_ca
    #  - ssl_verify_upstream_trusted_confdir

    def load(self, loader):
        insecure_tls_min_versions = (
            ", ".join(x.name for x in net_tls.INSECURE_TLS_MIN_VERSIONS[:-1])
            + f" and {net_tls.INSECURE_TLS_MIN_VERSIONS[-1].name}"
        )
        loader.add_option(
            name="tls_version_client_min",
            typespec=str,
            default=net_tls.DEFAULT_MIN_VERSION.name,
            choices=[x.name for x in net_tls.Version],
            help=f"Set the minimum TLS version for client connections. "
            f"{insecure_tls_min_versions} are insecure.",
        )
        loader.add_option(
            name="tls_version_client_max",
            typespec=str,
            default=net_tls.DEFAULT_MAX_VERSION.name,
            choices=[x.name for x in net_tls.Version],
            help=f"Set the maximum TLS version for client connections.",
        )
        loader.add_option(
            name="tls_version_server_min",
            typespec=str,
            default=net_tls.DEFAULT_MIN_VERSION.name,
            choices=[x.name for x in net_tls.Version],
            help=f"Set the minimum TLS version for server connections. "
            f"{insecure_tls_min_versions} are insecure.",
        )
        loader.add_option(
            name="tls_version_server_max",
            typespec=str,
            default=net_tls.DEFAULT_MAX_VERSION.name,
            choices=[x.name for x in net_tls.Version],
            help=f"Set the maximum TLS version for server connections.",
        )
        loader.add_option(
            name="tls_ecdh_curve_client",
            typespec=str | None,
            default=None,

Callers 4

test_regular_http3 · Function · 0.90
test_playback · Function · 0.90

Calls

no outgoing calls

Tested by 4

test_regular_http3 · Function · 0.72
test_playback · Function · 0.72
