
Module proxy


Boring(ssl) proxy support for Rama.

While a proxy can be seen as a combination of a server and a client, this module provides explicit support for certain proxy flows.

For example, the MITM support found in this module is there to facilitate an explicit MITM flow such that, at a high level, you have the following handshake:

client | --- client hello (A) ----> | proxy |                               | server |
       |                            |       | ------- client hello (B) ---> |        |
       |                            |       | <------ server hello (C) ---- |        |
       | <--- server hello (D) ---- |       |                               |        |

Where:

  1. Client Hello of (B) is based on Client Hello of (A);
  2. Server config of (C) is based on server hello of (B);
  3. Issued cert for (C) is based on a mirror from the server cert used in (B).

NOTE that (1) requires that you provide the Client Hello (CH), converted to connector data, to the TlsMitmRelay prior to the handshake (relay). In other words, even though it is recommended, it is optional.

Modules

cert_issuer

Structs

TlsMitmRelay
A utility that can be used by MITM services, such as transparent proxies, to relay (and MITM) a TLS connection between a client and server as part of a deep protocol inspection (DPI) flow.
TlsMitmRelayError
Error type for TlsMitmRelay::handshake and the service using it. Can be used to filter out cert-related issues due to the relay.
TlsMitmRelayService
A utility that can be used by MITM services, such as transparent proxies, to relay (and MITM) a TLS connection between a client and server as part of a deep protocol inspection (DPI) flow.