TinyTLSProxy on XP - how to proxy from TLS10 to TLS12

Question

Hi!
I am trying to get the command line switches correct to proxy an application that only uses TLS10 to a newer server using TLS12 (or TLS13).
I only see the -toTLS option and when I use that it do not get through.

Does TinyTLSProxy on XP support TLS10 to TLS12 conversion?

Answer 1

UPDATE:
TLS to TLS conversion is available from version 1.7.0.

The command line to configure TLS to TLS conversion looks like this:

RebexTinyTlsProxy.exe -TLStoTLS -TLS10:TLS12- 443:httpbin.org:443 -c cert.pfx#password

Please note that you may need to specify the -SNI option as well:

-SNI name       Server name for outbound TLS tunnel (SNI extension).

By default, the SNI received on the inbound tunnel is used for the outbound tunnel as well. For example, if you access the proxy using localhost the SNI for outbound tunnel will be localhost, which can be (often) rejected by the target server. To use correct SNI for outbound tunnel, specify the -SNI option (for example: -SNI httpbin.org).

Please also note that for TLS to TLS conversion you need to use a valid certificate for the proxy.

Comments

Thank you so much!

---

Hi Lukas, a follow on question.
Do you have an estimated release date for this new unreleased version?
Specifically, when would we be able to see the source code up on GitHub?
https://github.com/rebexnet/RebexTinyTlsProxy

---

It is planned after the next public release of https://www.rebex.net/tls/ product, which will be during the summer.

---

All discussed changes are now publicly available at https://github.com/rebexnet/RebexTinyTlsProxy/commits/main/