Can mitmproxy handle SSLv2 ClientHello?

I’m trying to intercept connections for an app that sends an SSLv2 ClientHello, then upgrades to TLSv1 for the handshake. It looks to me like mitmproxy can’t handle that combination, or maybe I’m doing something wrong.

My command-line looks like this:

mitmdump -T --tcp '.*' --insecure -v --ciphers-client RC4-MD5

I need --insecure because this app doesn’t support SNI, and the cipher is just a second easy way to tell whether mitmproxy is doing its job.

The connection with TLSv1 hello/TLSv1 handshake

This is the one that works as expected. It serves the client a certificate with an organization name of mitmproxy, and my one expected cipher. The log looks like this:

192.168.56.101:3275: clientconnect
192.168.56.101:3275: serverconnect
  -> 1.2.3.4:443
192.168.56.101:3275: Establish TLS with server
192.168.56.101:3275: Certificate Verification Error for 1.2.3.4:443: hostname 'no-hostname' doesn't match either of '*.example.com', 'example.com'
192.168.56.101:3275: Ignoring server verification error, continuing with connection
192.168.56.101:3275: ALPN selected by server: -
192.168.56.101:3275: Establish TLS with client
192.168.56.101:3275 -> tcp -> 1.2.3.4:443
192.168.56.101:3275 <- tcp <- 1.2.3.4:443

The connection with SSLv2 hello/TLSv1 handshake

This case fails. It serves the client the server’s original cert with an organization name of GeoTrust, Inc., and ciphers other than the one I specified. The log looks like this:

192.168.56.101:3277: clientconnect
192.168.56.101:3277: serverconnect
  -> 1.2.3.5:443
192.168.56.101:3277 -> tcp -> 1.2.3.5:443
192.168.56.101:3277 <- tcp <- 1.2.3.5:443

So mitmproxy can see the connection, but it decides not to do anything with it. I tried --ssl-version-client TLSv1 on a whim but it had no effect.

Did I screw something up here?