[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kfm-devel
Subject:    Bug#27044: ssl incorrectly uses http proxy
From:       d.begley () uws ! edu ! au
Date:       2001-06-11 4:08:29
[Download RAW message or body]

Package: konqueror
Version: Konqueror 2.1.1 (Using KDE 2.1.2) (using KDE 2.1.1 )
Severity: wishlist
Installed from:    SuSE RPMs
Compiler:          Not Specified
OS:                Linux
OS/Compiler notes: KDE 2.1.2, Linux Kernel 2.2.14, SuSE 6.4

Within Konqueror (and probably other parts
of KDE requiring HTTP or HTTPS access), the
proxy configuration only permits setting a
proxy server for FTP and HTTP - HTTPS (HTTP
over SSL) is assumed to be the same as HTTP,
so all SSL connections are sent to the HTTP
proxy - bad assumption.

Regular HTTP traffic by default heads to TCP
port 80 on the server, is predominantly
text-based and contains information that can
be checked by a caching proxy server and
where applicable, stored for later retrieval
by other users.

HTTPS traffic uses port 443 and cannot be
cached.

Netscape has always permitted a separate
proxy setting for HTTPS ("Security Proxy")
traffic so many sites have taken advantage
of this distinction to set network policies
whereby HTTP must be redirected to a known
proxy yet HTTPS is sent direct (as far as
the browser/client is concerned anyway).

By sending HTTPS traffic to the HTTP proxy,
the proxy denies the request causing an
error within Konqueror;  disabling all
proxies allows the HTTPS request to be sent
direct, at which time it works (proxies
need to be re-enabled before regular HTTP
is used else that won't work!).

Without a separate HTTP and secure (HTTPS)
proxy setting, Konqueror (thus KDE) cannot
be used in many enterprise environments.


(Submitted via bugs.kde.org)

[prev in list] [next in list] [prev in thread] [next in thread]