Possible to reverse proxy to mTLS authenticated backend?

Hi! This seems like a really cool project. Thanks for all the hard work. I was wondering if it was possible to have mitmproxy do a reverse proxy to a remote mTLS authenticated host? I have a cert and key to be used for authentication, and I want to expose an endpoint on my localhost that does not require mTLS.

Hi @nwwells,

What is “mTLS”? Are you referring to https://tools.ietf.org/html/draft-badra-hajjeh-mtls-06 or just mutually authenticated TLS?

mutually authenticated TLS

You can add client-side certificates to mitmproxy: http://docs.mitmproxy.org/en/stable/certinstall.html#using-a-client-side-certificate

1 Like

Thanks! not sure how I missed that!

1 Like

What about doing mutual authenticated TLS from the client to mitmproxy which then reverse proxies to some other HTTP/HTTPS server?

@scobie_jon: Not sure if that’s a question, but mitmproxy supports that. :wink: