TLSv1.0 only enabled


#1

I have to connect via mitmproxy to a site that only accepts TLSv1.0 (I checked it with Internet Explorer by alternately enabling the options in the advanced configuration). I tried to set --ssl-version-server TLSv1, but it seems to also try newer versions of TLS and the server responds with a connection reset.
How can I set only version 1.0, or how can I try the connection via curl or openssl?

Thanks


#2

I just checked this with Wireshark on master and mitmproxy correctly asks for TLS 1.0 - there is likely another reason why your server is refusing connections. Maybe it just dislikes some of the extensions we are sending, but we cannot help with that.


#3

Is it correct in the same way if I try

openssl s_client -connect site:443 -tls1

?


#4

This looks correct, but the handshake will be slightly different with regard to TLS extensions and ciphers offered.
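
An added example, not part of the original posts or of mitmproxy: a minimal ClientHello parser that diffs two hellos asking for the same TLS version, which is the comparison posts #2 and #4 point to. The sample hellos, the host name `site`, and all function names are constructed for illustration.

```python
import struct

VERSIONS = {0x0300: "SSLv3", 0x0301: "TLSv1.0", 0x0302: "TLSv1.1", 0x0303: "TLSv1.2"}

def build_hello(version, suites, extensions):
    """Build a constructed ClientHello record (sample data, not a capture)."""
    ext = b"".join(struct.pack("!HH", t, len(d)) + d for t, d in extensions)
    body = struct.pack("!H", version) + bytes(32) + b"\x00"  # version, random, empty session id
    body += struct.pack("!H", 2 * len(suites)) + struct.pack("!%dH" % len(suites), *suites)
    body += b"\x01\x00" + struct.pack("!H", len(ext)) + ext  # null compression, extensions
    hs = b"\x01" + len(body).to_bytes(3, "big") + body       # handshake type 1 = ClientHello
    return struct.pack("!BHH", 0x16, version, len(hs)) + hs  # record type 0x16 = handshake

def parse_client_hello(data):
    """Return record/hello versions, cipher suites and extension types."""
    rtype, rver, _ = struct.unpack_from("!BHH", data, 0)
    if rver >> 8 == 0xFE:  # DTLS versions are 0xFEFF / 0xFEFD and use a different record layout
        raise ValueError("DTLS record, not TLS over TCP")
    if rtype != 0x16 or data[5] != 0x01:
        raise ValueError("not a TLS ClientHello")
    pos = 9                                   # 5-byte record header + 4-byte handshake header
    (hello_ver,) = struct.unpack_from("!H", data, pos)
    pos += 2 + 32                             # client_version + random
    pos += 1 + data[pos]                      # session_id
    (n,) = struct.unpack_from("!H", data, pos)
    suites = list(struct.unpack_from("!%dH" % (n // 2), data, pos + 2))
    pos += 2 + n
    pos += 1 + data[pos]                      # compression methods
    exts = []
    if pos + 2 <= len(data):                  # extensions block is optional in TLS 1.0
        (total,) = struct.unpack_from("!H", data, pos)
        pos, end = pos + 2, pos + 2 + total
        while pos + 4 <= end:
            etype, elen = struct.unpack_from("!HH", data, pos)
            exts.append(etype)
            pos += 4 + elen
    return {"record": VERSIONS.get(rver, hex(rver)), "hello": VERSIONS.get(hello_ver, hex(hello_ver)),
            "suites": suites, "extensions": exts}

def diff_hellos(a, b):
    """Fields that differ between two ClientHellos, as (a_value, b_value) pairs."""
    pa, pb = parse_client_hello(a), parse_client_hello(b)
    return {k: (pa[k], pb[k]) for k in pa if pa[k] != pb[k]}

# Constructed samples: same TLS 1.0 version, different suites and extensions.
SNI = struct.pack("!HBH", 7, 0, 4) + b"site"  # server_name extension body for host "site"
HELLO_A = build_hello(0x0301, [0x002F, 0x0035], [(0x0000, SNI), (0xFF01, b"\x00")])
HELLO_B = build_hello(0x0301, [0x002F, 0x0035, 0x000A], [(0x0000, SNI), (0x0023, b"")])

if __name__ == "__main__":
    print(diff_hellos(HELLO_A, HELLO_B))
```

To compare real clients, pass it the bytes of the first TLS record from a Wireshark capture of each connection.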


#5

I did more tests and the only way accepted by the remote site is

openssl s_client -connect site:443 -dtls1

Is it possible to specify this mode to mitmproxy?

I’m using OpenSSL 1.1.0h 27 Mar 2018

Thanks a lot.


#6

I don’t think we support DTLS, sorry.


#7

Is it related to pyOpenSSL? Is it possible to modify the sources myself to achieve this support?


#8

Well, DTLS is TLS over UDP, which is pretty different from TLS over TCP. This is nothing that we could easily support.