Options: TLS

This tab contains settings for TLS negotiation, Java TLS options, and client and server TLS certificates.

Note: Some of these options can be defined at both the user and project level. For these options, you can configure your normal options at the user level, and then override these if required on a per-project basis.

TLS negotiation

These settings control the TLS protocols and ciphers that Burp will use when performing TLS negotiation with upstream servers. You can configure Burp to use all supported protocols and ciphers, the default protocols and ciphers of your Java installation, or override these defaults and enable custom protocols and ciphers as required.

The following other options are available:

Java TLS options

These settings can be used to enable certain TLS features that might be needed to successfully connect to some servers.

The following options are available:

Client TLS certificates

These settings let you configure the client TLS certificates that Burp will use when a destination host requests one. You can configure multiple certificates, and specify the hosts for which each certificate should be used. When a host requests a client TLS certificate, Burp will use the first certificate in the list whose host configuration matches the name of the host being contacted.

You can use wildcards in the destination host specification (* matches zero or more characters, and ? matches any character except a dot). To use a single certificate whenever any host requests one, use * as the destination host.

The following types of client certificates are supported:

Server TLS certificates

This information-only panel contains details of all X509 certificates received from web servers. Double-click an item in the table to display the full details of the certificate.