Possible to reverse proxy to mTLS authenticated backend?


Hi! This seems like a really cool project. Thanks for all the hard work. I was wondering if it was possible to have mitmproxy do a reverse proxy to a remote mTLS authenticated host? I have a cert and key to be used for authentication, and I want to expose an endpoint on my localhost that does not require mTLS.


Hi @nwwells,

What is “mTLS”? Are you referring to https://tools.ietf.org/html/draft-badra-hajjeh-mtls-06 or just mutually authenticated TLS?


Mutually authenticated TLS.


You can add client-side certificates to mitmproxy: http://docs.mitmproxy.org/en/stable/certinstall.html#using-a-client-side-certificate


Thanks! Not sure how I missed that!


What about doing mutually authenticated TLS from the client to mitmproxy, which then reverse proxies to some other HTTP/HTTPS server?


@scobie_jon: Not sure if that’s a question, but mitmproxy supports that. :wink:

Is mutual TLS from client to mitmproxy possible in a reverse proxy configuration?