Possible to reverse proxy to mTLS authenticated backend?


#1

Hi! This seems like a really cool project. Thanks for all the hard work. I was wondering if it was possible to have mitmproxy do a reverse proxy to a remote mTLS authenticated host? I have a cert and key to be used for authentication, and I want to expose an endpoint on my localhost that does not require mTLS.


#2

Hi @nwwells,

What is “mTLS”? Are you referring to https://tools.ietf.org/html/draft-badra-hajjeh-mtls-06 or just mutually authenticated TLS?


#3

mutually authenticated TLS


#4

You can add client-side certificates to mitmproxy: http://docs.mitmproxy.org/en/stable/certinstall.html#using-a-client-side-certificate


#5

Thanks! Not sure how I missed that!


#6

What about doing mutually authenticated TLS from the client to mitmproxy which then reverse proxies to some other HTTP/HTTPS server?


#7

@scobie_jon: Not sure if that’s a question, but mitmproxy supports that. :wink:

