Type Alias MockttpHttpsOptions

MockttpHttpsOptions: CAOptions & {
    defaultDomain?: string;
    keyLogFile?: string;
    tlsInterceptOnly?: {
        hostname: string;
    }[];
    tlsPassthrough?: {
        hostname: string;
    }[];
    tlsServerOptions?: {
        minVersion?:
            | "TLSv1.3"
            | "TLSv1.2"
            | "TLSv1.1"
            | "TLSv1";
    };
}

Type declaration

  • OptionaldefaultDomain?: string

    The domain name that will be used in the certificate for incoming TLS connections which don't use SNI to request a specific domain.

  • OptionalkeyLogFile?: string

    The path to a file where TLS session keys should be logged. This allows you to combine Mockttp with Wireshark and similar, allowing to you inspect the decrypted raw bytes and full TLS handshake details, while also using Mockttp for high-level capture & traffic modification.

    When set, the keys for both client & server sessions will be logged, allowing you to examine both sides of the proxied connection.

  • OptionaltlsInterceptOnly?: {
        hostname: string;
    }[]

    A limited list of the only hostnames whose TLS should be intercepted.

    This is the opposite of tlsPassthrough. When set, only connections to these hostnames will be intercepted, and all other TLS connections will be passed through without interception.

    This option is mutually exclusive with tlsPassthrough and setting both options will throw an error.

    Each element in this list must be an object with a 'hostname' field for the hostname that should be matched. Wildcards are supported (following the URLPattern specification), eg. {hostname: '*.example.com'}.

    In future more options may be supported here for additional configuration of this behaviour.

  • OptionaltlsPassthrough?: {
        hostname: string;
    }[]

    A list of hostnames where TLS interception should always be skipped.

    When a TLS connection is started that references a matching hostname in its server name indication (SNI) extension, or which uses a matching hostname in a preceeding CONNECT request to create a tunnel, the connection will be sent raw to the upstream hostname, without handling TLS within Mockttp (i.e. with no TLS interception performed).

    This option is mutually exclusive with tlsInterceptOnly and setting both options will throw an error.

    Each element in this list must be an object with a 'hostname' field for the hostname that should be matched. Wildcards are supported (following the URLPattern specification), eg. {hostname: '*.example.com'}.

    In future more options may be supported here for additional configuration of this behaviour.

  • OptionaltlsServerOptions?: {
        minVersion?:
            | "TLSv1.3"
            | "TLSv1.2"
            | "TLSv1.1"
            | "TLSv1";
    }

    Set the TLS server options, used for incoming TLS connections.

    The only officially supported option for now is the minimum TLS version, which can be used to relax/tighten TLS requirements on clients. If not set, this defaults to your Node version's default TLS configuration. The full list of versions can be found at https://nodejs.org/api/tls.html#tlssocketgetprotocol.

    • OptionalminVersion?:
          | "TLSv1.3"
          | "TLSv1.2"
          | "TLSv1.1"
          | "TLSv1"

Settings

Member Visibility