[Privoxy-devel] HTTPS filtering in Privoxy

Vašek Švec va.svec at gmail.com
Sun May 24 18:39:28 UTC 2020


Hello,

I implemented filtering of incoming data from the server over HTTPS in Privoxy
in 2017. We were mailing about it in 2017 on this mailing list, but I
didn't have enough time to fix all your comments. Now I have rebased the previous
improvements onto Privoxy 3.0.28 and I have made some other improvements in my
master's thesis. I would like to offer you these improvements for potential
publication in the official Privoxy sources.

The current version of my improvements offers:

   - Filtering of all data transmitted over HTTPS (client's requests and
   server's responses)
   - Server certificate check and sending information about failure to the
   client (already in the version from 2017)
   - CGI interface over HTTPS
   - HTTPS session reuse (TLS connections are reused for more than
   one client request to the same web server)
      - It reduces the time to load a web page over HTTPS
   - HTTPS session sharing (the same principle as the current
   connection-sharing for TCP connections)
   - Cryptographic library used: LibreSSL or MbedTLS
      - LibreSSL supports setting the value of the Subject Alternative Name in
      generated certificates, so it's compatible with modern web browsers.
      - The user can select LibreSSL, MbedTLS or no cryptographic library in
      the ./configure script using new switches.
   - Configuration
      - Use of an SSL tunnel for specified URLs (already in the version from
      2017)
      - Ignoring server certificate errors for specified URLs (already in
      the version from 2017)
      - Specification of the cipher list for specified URLs

I can offer you a patch file for each commit (84 patch files) if you are
interested. They include the adaptation of the original changes from Privoxy
version 3.0.26 to version 3.0.28 and the new improvements.

Best regards
Václav Švec

