Skip to content →

SSL decryption no longer works after Charles 3.4 upgrade

Charles 3.4 changes the default behaviour of SSL in Charles to opt-in rather than opt-out. You must now opt-in each site you wish to enable for SSL proxying. This change was made to improve the behaviour of Charles. There are a number of applications running on computers that require SSL connections and get confused by the Charles SSL certificate used for SSL proxying. Also defaulting every site into SSL proxying could cause unwitting security problems for Charles users, such as if you Internet Banking site is proxied and your password visible in plain text inside Charles.

This change does mean that you now need to tell Charles about each SSL site you want to proxy, or you can opt in to proxy them all again.

To opt in a specific site, right-click on the host name in the tree view and turn on SSL Proxying. You may need to restart your browser to get it to close its existing non-SSL proxied connection. You can also control the list of SSL proxied hosts in the Proxy Settings dialog.

To opt in all sites, open the Proxy Settings dialog, go to the SSL tab, and enter a * into the list of locations.