Optional
defaultOptional
keyThe path to a file where TLS session keys should be logged. This allows you to combine Mockttp with Wireshark and similar, allowing to you inspect the decrypted raw bytes and full TLS handshake details, while also using Mockttp for high-level capture & traffic modification.
When set, the keys for both client & server sessions will be logged, allowing you to examine both sides of the proxied connection.
Optional
tlsA limited list of the only hostnames whose TLS should be intercepted.
This is the opposite of tlsPassthrough
. When set, only connections
to these hostnames will be intercepted, and all other TLS connections will
be passed through without interception.
This option is mutually exclusive with tlsPassthrough
and setting both
options will throw an error.
Each element in this list must be an object with a 'hostname' field for the
hostname that should be matched. Wildcards are supported (following the
URLPattern specification),
eg. {hostname: '*.example.com'}
.
In future more options may be supported here for additional configuration of this behaviour.
Optional
tlsA list of hostnames where TLS interception should always be skipped.
When a TLS connection is started that references a matching hostname in its server name indication (SNI) extension, or which uses a matching hostname in a preceeding CONNECT request to create a tunnel, the connection will be sent raw to the upstream hostname, without handling TLS within Mockttp (i.e. with no TLS interception performed).
This option is mutually exclusive with tlsInterceptOnly
and setting both
options will throw an error.
Each element in this list must be an object with a 'hostname' field for the
hostname that should be matched. Wildcards are supported (following the
URLPattern specification),
eg. {hostname: '*.example.com'}
.
In future more options may be supported here for additional configuration of this behaviour.
Optional
tlsSet the TLS server options, used for incoming TLS connections.
The only officially supported option for now is the minimum TLS version, which can be used to relax/tighten TLS requirements on clients. If not set, this defaults to your Node version's default TLS configuration. The full list of versions can be found at https://nodejs.org/api/tls.html#tlssocketgetprotocol.
Optional
min
The domain name that will be used in the certificate for incoming TLS connections which don't use SNI to request a specific domain.