I suppose you want to tunnel communication from your TLS 1.0/1.1 server to a TLS 1.2 server. You can run the TLS Proxy with settings like this:
tlsproxy tunnel add
--in 0.0.0.0:443 --in-protocol TLS --in-tls-versions TLS10,TLS11
--out second.server.com:443 --out-protocol TLS --out-tls-versions TLS12
--certificate-path c:\data\second-server.pfx
Since you want to translate from TLS, you need a certificate. The certificate must be issued for the domain that your HTTP server will use to establish TLS connections. Typically:
second.server.com - you need to route network traffic to the proxy (using DNS or the hosts file) instead of the original second.server.com
You can also use:
localhost - if the proxy will run on the same machine
my.proxy.com - if the proxy will run on a different machine
However, please note that it can change the behavior of the application, because the HTTP Host header will be set to localhost (or my.proxy.com). We are working on the possibility to set the Host header for such cases, but it is not done yet.
Alternatively, if you don't need to use TLS on your HTTP server to request the other server, you can use these settings:
tlsproxy tunnel add
--in 0.0.0.0:443
--out second-server:443 --out-protocol TLS --out-tls-versions TLS12
In this case no certificate is needed, since communication between your HTTP server and the TLS Proxy will not be encrypted.
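
The following pre-flight check is an added example, not part of the original reply and not TLS Proxy's own code. It tests a planned tunnel for the conditions described above: whether the certificate names cover the host the HTTP server connects to, whether the Host header will differ from the upstream name, and whether an unencrypted listener is bound beyond loopback. The function names, finding labels and certificate name lists are assumptions constructed for illustration.

```python
# Added example: pre-flight check for a TLS-translating tunnel.
# Function names and finding labels are hypothetical, not tlsproxy's API.
import ipaddress


def name_matches(pattern: str, host: str) -> bool:
    """Match a certificate DNS name against a host name (RFC 6125 style).

    A wildcard is honoured only as the entire left-most label and only
    when at least two labels follow it.
    """
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def is_loopback(bind_addr: str) -> bool:
    """True when the listener address is reachable only from this machine."""
    try:
        return ipaddress.ip_address(bind_addr).is_loopback
    except ValueError:
        return bind_addr.lower() == "localhost"


def preflight(client_host, upstream_host, bind_addr, in_tls, cert_dns_names=()):
    """Return a list of findings for one planned tunnel.

    client_host    -- name the HTTP server connects to (resolves to the proxy)
    upstream_host  -- host given to --out
    bind_addr      -- address part of --in
    in_tls         -- True when --in-protocol TLS is set
    cert_dns_names -- DNS names in the proxy certificate (constructed here)
    """
    findings = []
    if in_tls:
        if not any(name_matches(n, client_host) for n in cert_dns_names):
            findings.append("cert-name-mismatch")
    elif not is_loopback(bind_addr):
        # Inbound leg is unencrypted and reachable from other machines.
        findings.append("plaintext-listener-not-loopback")
    if client_host.lower() != upstream_host.lower():
        # The client derives Host from the name it connects to.
        findings.append("host-header-differs-from-upstream")
    return findings
```
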