Module proxy
Available on crate feature boring only.
Boring(ssl) proxy support for Rama.
While a proxy can be seen as a combination of a server and a client, this module provides explicit support for certain proxy flows.
For example, the MITM support found in this module facilitates an explicit MITM flow in which, at a high level, the handshake proceeds as follows:
client | --- client hello (A) ----> | proxy |                               | server |
       |                            |       | ------- client hello (B) ---> |        |
       |                            |       | <------ server hello (C) ---- |        |
       | <--- server hello (D) ---- |       |                               |        |

Where:
1. Client Hello of (B) is based on Client Hello of (A);
2. Server config of (C) is based on server hello of (B);
3. Issued cert for (C) is based on a mirror from the server cert used in (B).
NOTE that (1) requires that you provide the converted Client Hello (CH) as connector data to the TlsMitmRelay prior to the handshake (relay). In other words, even though it is recommended, it is optional.
Modules
Structs
- TlsMitmRelay - A utility that can be used by MITM services such as transparent proxies, in order to relay (and MITM) a TLS connection between a client and server, as part of a deep protocol inspection (DPI) flow.
- TlsMitmRelayError - Error type for TlsMitmRelay::handshake and the service using it.
- TlsMitmRelayService - A utility that can be used by MITM services such as transparent proxies, in order to relay (and MITM) a TLS connection between a client and server, as part of a deep protocol inspection (DPI) flow.
Enums
- HandshakeRelayClassification - Classification of a handshake-time failure.
- TlsMitmRelayErrorDirection - Which side of the MITM relay a handshake error occurred on.
- TlsMitmRelayErrorKind - Kind of TlsMitmRelayError. Pattern-match this to drive caller-side policy.