0 votes
by (140 points)

I'd like to proxy TLS to TLS but where the target destination uses certificate authentication. So, the TLS Proxy should request a certificate, then add it as a custom header (X-SSL-CERT) to the forwarded request.

How would I have to configure the TLS proxy to get this done?

Applies to: Rebex TLS
by (72.7k points)
The `X-SSL-CERT` header is supported from v1.7.0 (https://www.rebex.net/tls-proxy/#version-history)

1 Answer

0 votes
by (72.7k points)
edited by

This functionality is currently not supported, however it looks like an interesting feature.

I will add it to our buffer of possible features. We let you know here, if we decide to add it in a future.

UPDATE:

It is available from v1.7.0:

--http-x-ssl-cert <format>
Indicates whether to modify HTTP traffic by including/overwriting the X-SSL-CERT request header with the provided client certificate. Optional.
Supported values: None, URL-encoded, Base16, Base64.
Note: To request client certificates on inbound tunnel, use --request-client-certificate true option.
Note: When using None value, the X-SSL-CERT header is not sent (removed if the client sent it).
Note: When the client did not provide any client certificate and the connection was not rejected, the empty X-SSL-CERT header is sent.

Only takes effect when protocol is HTTP capable.

...