aboutsummaryrefslogtreecommitdiffstats
path: root/libmproxy/protocol/http.py
diff options
context:
space:
mode:
authorMaximilian Hils <git@maximilianhils.com>2014-10-21 15:08:39 +0200
committerMaximilian Hils <git@maximilianhils.com>2014-10-21 15:08:39 +0200
commit6cef6fbfec92f1154b6a5b986548478137598975 (patch)
tree753cc9c793bde27c58806a0993788d440307e802 /libmproxy/protocol/http.py
parent37cc6ae0bbb32e528435f821469d36055574a810 (diff)
downloadmitmproxy-6cef6fbfec92f1154b6a5b986548478137598975.tar.gz
mitmproxy-6cef6fbfec92f1154b6a5b986548478137598975.tar.bz2
mitmproxy-6cef6fbfec92f1154b6a5b986548478137598975.zip
tweak SSL detection heuristics
Diffstat (limited to 'libmproxy/protocol/http.py')
-rw-r--r--libmproxy/protocol/http.py10
1 files changed, 9 insertions, 1 deletions
diff --git a/libmproxy/protocol/http.py b/libmproxy/protocol/http.py
index 33d860ca..adb743a2 100644
--- a/libmproxy/protocol/http.py
+++ b/libmproxy/protocol/http.py
@@ -1269,7 +1269,15 @@ class HTTPHandler(ProtocolHandler):
self.expected_form_out = "relative"
self.skip_authentication = True
- if address.port in self.c.config.ssl_ports:
+ # In practice, nobody issues a CONNECT request to send unencrypted HTTP requests afterwards.
+ # If we don't delegate to TCP mode, we should always negotiate a SSL connection.
+ should_establish_ssl = (
+ address.port in self.c.config.ssl_ports
+ or
+ not self.c.config.check_tcp(address)
+ )
+
+ if should_establish_ssl:
self.c.log("Received CONNECT request to SSL port. Upgrading to SSL...", "debug")
self.c.establish_ssl(server=True, client=True)
self.c.log("Upgrade to SSL completed.", "debug")
generated by cgit v1.2.3 (git 2.25.1) at 2025-04-16 14:22:14 +0000