SSLproxy 0.8.4

Add split mode of operation similar to SSLsplit. In split mode, packets are not diverted to listening programs, effectively making SSLproxy behave like SSLsplit. Split mode can be defined globally or per-proxyspec.

SSLproxy 0.8.3

• Improve UserAuth user control lists.
• Improve documentation.

SSLproxy 0.8.2

• Add DivertUsers and PassUsers options.
• Allow mirroring without explicit target, copied from SSLsplit.
• Various fixes and improvements.

SSLproxy 0.8.1

• Partial support for TLS 1.3. No support for encrypted SNI. TLS 1.3 is enabled by default depending on the version of OpenSSL.
• Add -U CipherSuites option for TLS 1.3.
• Add WITHOUT_USERAUTH switch, which removes the dependency on sqlite too.
• Improve testproxy e2e tests.
• Various fixes and improvements.

SSLproxy 0.8.0

• Restructure source tree, create src and tests folders, move files and update make files accordingly.
• Automate testproxy e2e tests, add them to travis config except for osx.
• Improve verbose debug logs using common header fields to better identify connections. Create macro functions for fine* debug logs.
• Switch from thrmgr to connection handling thread asap. Cleanly decouple code for thrmgr and conn handling threads. This prevents possible multithreading issues between thrmgr and conn handling threads. So remove thr mutex and BEV_OPT_THREADSAFE. The proxy core runs lockless now.
• Offload thrmgr. Carry almost all conn init tasks from thrmgr to conn handling thread. Remove pending ssl conns list.
• Convert linked lists to doubly linked lists. It is very fast to remove a list node now. And disable all conn ids unless debugging.
• Fix readcb and writecb before connected, do not enable srvdst readcb until connected, enable read and write callbacks only after connected, disable unnecessary callbacks.
• Do not use privsep to open socket for child listener.
• Shut ssl conns down immediately after setting SSL_RECEIVED_SHUTDOWN, instead of trying to close them cleanly using low-level fd events and returned values from repeated calls to SSL_shutdown(), so remove ssl_shutdown_retry_delay and SSLShutdownRetryDelay, not used anymore. This also fixes stalled conn issues with autossl.
• Disable autossl passthrough. Autossl passthrough crashes with signal 10.
• Improve check unit tests and testproxy e2e tests.
• Update with SSLsplit 0.5.5 changes.
• Various fixes and improvements.

SSLproxy 0.7.0

Highlights of this release are:

• Move most of the global options into proxyspecs, which provides detailed configuration of proxyspecs
• Reuse srvdst to avoid connecting to server twice, first conn was to get server cert for forging
• Libevent 2.1.11
• MinSSLProto/MaxSSLProto options
• An example listening program
• End-to-end tests using TestProxy
• Variety of other fixes and improvements: FreeBSD support, LibreSSL support, O2 optimization, etc.

SSLproxy 0.6.0

Highlights of this release are:

• Finer thread locks in connection handling instead of a giant thread manager lock
• Support for diverting packets to remote listening programs
• Network user authentication
• Proxyspec protocol validation for http/pop3/smtp
• Passthrough sites for passing SSL connections through without diverting to listening programs if target site matches SNI or common names in SSL certificates, e.g. may be used for sites requiring client authentication
• Numerous stability and performance improvements

SSLproxy 0.5.9

Various stability and performance improvements

SSLproxy 0.5.8

Refactor proxy core for functional separation and driver design pattern
Merge sslsplit 0.5.4 changes

SSLproxy 0.5.7

Merge sslsplit develop changes
Check fd count during child connection setup too
Fix LibreSSL support
Numerous other fixes and improvements