I’m not sure if this a bug, or I am doing something wrong.
My goal: use mitmproxy as a transparent proxy (or as a reverse proxy) to debug the TLS traffic to specific host(s)
Problem: not a single client can verify the provided certificate. Tried it with openssl, gnutls, openjdk, firefox. The curl+openssl error is:
- SSLv3, TLS alert, Client hello (1):
curl: (35) error:0407006A:rsa routines:RSA_padding_check_PKCS1_type_1:block type is not 01
Release used: the docker image:
Mitmproxy version: 2.0.1 (release version)
Python version: 3.5.2
SSL version: OpenSSL 1.0.2k 26 Jan 2017
Workaround: setting my own self-signed certificate for a domain by using “–cert example.com=…” works fine.