Update Mockttp to allow legacy TLS renegotation on HTTPS whitelist

pimterry · pimterry · commit 3914c800a9a3 · 2023-10-13T15:05:17.000+02:00
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -76,7 +76,7 @@
     "mime-types": "^2.1.27",
     "mobx": "^6.3.5",
     "mockrtc": "^0.3.1",
-    "mockttp": "^3.9.3",
+    "mockttp": "^3.9.4",
     "node-fetch": "^2.6.1",
     "node-forge": "^1.3.0",
     "node-gsettings-wrapper": "^0.5.0",
diff --git a/src/client/http-client.ts b/src/client/http-client.ts
@@ -11,7 +11,7 @@ import type * as Mockttp from 'mockttp';
 import {
     getDnsLookupFunction,
     shouldUseStrictHttps,
-    UPSTREAM_TLS_OPTIONS as MOCKTTP_UPSTREAM_TLS_OPTIONS
+    getUpstreamTlsOptions as getUpstreamMockttpTlsOptions
 } from 'mockttp/dist/rules/passthrough-handling';
 import { getAgent } from 'mockttp/dist/rules/http-agents';
 import { getEffectivePort } from 'mockttp/dist/util/request-utils';
@@ -104,11 +104,7 @@ export class HttpClient {
             lookup: this.getDns(options.lookupOptions?.servers),
 
             // TLS options (should be effectively identical to Mockttp's passthrough config)
-            ...MOCKTTP_UPSTREAM_TLS_OPTIONS,
-            minVersion: strictHttpsChecks
-                ? tls.DEFAULT_MIN_VERSION
-                : 'TLSv1', // Allow TLSv1, if !strict
-            rejectUnauthorized: strictHttpsChecks,
+            ...getUpstreamMockttpTlsOptions(strictHttpsChecks),
             ...caConfig,
             ...options.clientCertificate
         });
