[Privoxy-devel] HTTPS filtering in Privoxy

Vašek Švec va.svec at gmail.com
Tue May 26 00:40:52 UTC 2020 

Hello,

I've successfully cloned your repository and watched your last commits.
However, right now I'm preparing myself for master degree examination, so I
don't have time to rebase my changes on your repository. I'm not even able
to promise you, that I will find time to do it later. I will keep it in my
mind after exam, but I have also other duties at work and lot of other
stuff to do. I will inform you in case I will find time to work on in.

So there is tar of patch files in the attachment and I hereby release this
code under the GNU GPLv2 or later.

Best regards
Václav Švec

On Mon, May 25, 2020 at 11:28 AM Fabian Keil <fk at fabiankeil.de> wrote:

> Vašek Švec <va.svec at gmail.com> wrote:
>
> > I implemented filtering of incoming data from server over HTTPS in
> > Privoxy in 2017. We were mailing about it in 2017 in this mailing list,
> > but I hadn't enough time to fix all your comments. Now I rebased previous
> > improvements to Privoxy 3.0.28 and I made some other improvements in my
> > master thesis. I would like to offer you these improvements to potential
> > publication in official Privoxy sources.
>
> Great.
>
> A modified version of your previous patch was already committed
> in 2019 and was followed by a bunch of fixes and improvements.
>
> It will be part of the next Privoxy release once a few remaining
> issues have been fixed.
>
> > Current version of my improvements offers:
> >
> >    - Filtering of all data transmitted over HTTPS. (Client's requests and
> >    server's responses)
> >    - Server certificate check and sending information about failure to
> > the client. (already in version from 2017)
> >    - CGI interface over HTTPS
> >    - HTTPS sessions reusing (TLS connections are being reused for more
> > than one client's request to the same web server)
> >       - It reduces the time to load web page over HTTPS
> >    - HTTPS sessions sharing (the same principle as current
> >    connection-sharing for TCP connections)
> >    - Used cryptographic library LibreSSL or MbedTLS
> >    - LibreSSL supports to set value of Subject Alternative Name in
> >       generated certificates, so it's compatible with modern web
> > browsers.
> >       - User can select LibreSSL, MbedTLS or no cryptographic library in
> >       ./configure script using new switches.
> >    - Configuration
> >       - Usage of ssl tunnel for specified urls (already in version from
> >       2017)
> >       - Ignoring server certificate errors for specified urls  (already
> > in version from 2017)
> >       - Specification of cipher list for specified urls
> >
> > I can offer you patch file for each commit (84 patch files) if you are
> > interested in. They include adaptation of the original changes from
> > Privoxy version 3.0.26 to version 3.0.28 and new improvements.
>
> I'm obviously interested.
>
> Could you rebase your changes on Privoxy's git version, though?
>
> You can get it with: git clone https://www.privoxy.org/git/privoxy.git
> To enable the https inspection code, configure with --with-mbedtls.
>
> Fabian
> _______________________________________________
> Privoxy-devel mailing list
> Privoxy-devel at lists.privoxy.org
> https://lists.privoxy.org/mailman/listinfo/privoxy-devel
>

More information about the Privoxy-devel mailing list