'Re: Bug#27044: ssl incorrectly uses http proxy'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kfm-devel
Subject:    Re: Bug#27044: ssl incorrectly uses http proxy
From:       George Staikos <staikos () kde ! org>
Date:       2001-06-11 20:31:18
[Download RAW message or body]

On Monday 11 June 2001 00:08, d.begley@uws.edu.au wrote:

> Within Konqueror (and probably other parts
> of KDE requiring HTTP or HTTPS access), the
> proxy configuration only permits setting a
> proxy server for FTP and HTTP - HTTPS (HTTP
> over SSL) is assumed to be the same as HTTP,
> so all SSL connections are sent to the HTTP
> proxy - bad assumption.
>
> Regular HTTP traffic by default heads to TCP
> port 80 on the server, is predominantly
> text-based and contains information that can
> be checked by a caching proxy server and
> where applicable, stored for later retrieval
> by other users.
>
> HTTPS traffic uses port 443 and cannot be
> cached.
>
> Netscape has always permitted a separate
> proxy setting for HTTPS ("Security Proxy")
> traffic so many sites have taken advantage
> of this distinction to set network policies
> whereby HTTP must be redirected to a known
> proxy yet HTTPS is sent direct (as far as
> the browser/client is concerned anyway).
>
> By sending HTTPS traffic to the HTTP proxy,
> the proxy denies the request causing an
> error within Konqueror;  disabling all
> proxies allows the HTTPS request to be sent
> direct, at which time it works (proxies
> need to be re-enabled before regular HTTP
> is used else that won't work!).
>
> Without a separate HTTP and secure (HTTPS)
> proxy setting, Konqueror (thus KDE) cannot
> be used in many enterprise environments.

   Well Dawit can speak more to this than I can, but you should know that 
there are proxies which do SSL on port 80.  It is a common way of doing this, 
although it's clearly not the way you need.  This is/was all supposed to 
change for 2.2.   I don't know what the status is because I don't use a proxy.

-- 

George Staikos

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic