I have to connect via mitmproxy a site that only accept TLSv1.0 (I checked it with Internet Explorer by enabling alternatively the options in advanced configuration). I try to set --ssl-version-server TLSv1 but it seems to try also newer version of TLS and the server responds me with a connection reset.
How can I set only 1.0 version or how can I try the connection via curl or openssl?
Thanks
I just checked this with Wireshark on master and mitmproxy correctly asks for TLS 1.0 - there is likely another reason why your server is refusing connections. Maybe it just dislikes some of the extensions we are sending, but we cannot help with that.
It is correct is the same way if I try
openssl s_client -connect site:443 -tls1
?
This looks correct, but the handshake will be slightly different with regard to TLS extensions and ciphers offered.
I did more tests and the only way accepted by the remote site is
openssl s_client -connect site:443 -dtls1
Is it possible to specificy to mitmproxy this mode?
I’m using OpenSSL 1.1.0h 27 Mar 2018
Thanks a lot.
I don’t think we support DTLS, sorry.
It is related to pyOpenSSL? It is possible to modify sources by myself to achieve this support?
Well dtls is TLS over UDP, which is pretty different from TLS over TCP. This is nothing that we could easily support.