I am completely new to mitmproxy and I'm working my way through the docs, but I have a specific requirement from my management in picking a proxy to work with. Specifically, we need the ability to accept an incoming (outbound/external-facing) connection using TLS 1.3 (and 1.2, of course), but after decryption and inspection, the backend connection to the server is made in TLS 1.2 even if the incoming connection was in 1.3. An additional requirement is to control the ciphers that can be negotiated on either side. Is there a way to configure mitmproxy to work in this kind of non-symmetric connection mode?
I found notes that indicate:

tls_version_client_max (mitmproxy, mitmdump, mitmweb; str)
  Set the maximum TLS version for client connections.
  Default: UNBOUNDED
  Choices: UNBOUNDED, SSL3, TLS1_1, TLS1_2, TLS1_3

tls_version_client_min (mitmproxy, mitmdump, mitmweb; str)
  Set the minimum TLS version for client connections.
  Default: TLS1_2
  Choices: UNBOUNDED, SSL3, TLS1_1, TLS1_2, TLS1_3

tls_version_server_max (mitmproxy, mitmdump, mitmweb; str)
  Set the maximum TLS version for server connections.
  Default: UNBOUNDED
  Choices: UNBOUNDED, SSL3, TLS1_1, TLS1_2, TLS1_3

tls_version_server_min (mitmproxy, mitmdump, mitmweb; str)
  Set the minimum TLS version for server connections.
  Default: TLS1_2
  Choices: UNBOUNDED, SSL3, TLS1_1, TLS1_2, TLS1_3

and this would seem to imply that I could set the client side to TLS1_2, TLS1_3 and the server side to TLS1_2 only. Would this accomplish my goal?
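
Added example, not part of the original post and not mitmproxy's own code: a small addon that checks, per connection, that each leg negotiated a TLS version allowed by the policy described in the question. It assumes a mitmproxy release that provides the `tls_established_client` and `tls_established_server` hooks and reports `conn.tls_version` as OpenSSL-style strings such as `TLSv1.2`; the file name, class name and `ALLOWED` table are hypothetical.

```python
"""check_tls_legs.py: verify the negotiated TLS version on each proxy leg.

Assumed invocation, using the four options quoted in the post:
  mitmdump --set tls_version_client_min=TLS1_2 --set tls_version_client_max=TLS1_3 \
           --set tls_version_server_min=TLS1_2 --set tls_version_server_max=TLS1_2 \
           -s check_tls_legs.py
Cipher restrictions would use mitmproxy's ciphers_client / ciphers_server
options (OpenSSL cipher strings); they are not checked by this addon.
"""
import logging

# Policy from the question: clients may negotiate TLS 1.2 or 1.3,
# while the proxy-to-server leg must stay on TLS 1.2.
ALLOWED = {
    "client": {"TLSv1.2", "TLSv1.3"},
    "server": {"TLSv1.2"},
}


def check_leg(leg, tls_version, cipher):
    """Return (ok, message) for one established TLS leg."""
    ok = tls_version in ALLOWED[leg]
    verdict = "ok" if ok else "POLICY VIOLATION"
    return ok, f"{leg} leg: {tls_version} / {cipher} -> {verdict}"


class TlsLegCheck:
    """Logs every handshake and keeps a list of policy violations."""

    def __init__(self):
        self.violations = []

    def _record(self, leg, conn):
        ok, msg = check_leg(leg, conn.tls_version, conn.cipher)
        if ok:
            logging.info(msg)
        else:
            logging.warning(msg)
            self.violations.append(msg)

    # Hook called after the client <-> proxy handshake completes.
    def tls_established_client(self, data):
        self._record("client", data.conn)

    # Hook called after the proxy <-> server handshake completes.
    def tls_established_server(self, data):
        self._record("server", data.conn)


addons = [TlsLegCheck()]
```

A warning for the server leg means the upstream handshake went above TLS 1.2, that is, the `tls_version_server_max` setting did not take effect for that connection.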