You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Aleph's HTTP client has proxy support (via proxy-options) but it doesn't support HTTPS connections towards the proxy server, i.e. the initial CONNECT request is always sent in plain. Note that connecting to destination hosts via HTTPS is still possible this way. However, it would still be good to also support a secure client <-> proxy connection for defense in depth purposes or for using proxies in an untrusted network environment.
Implementation-wise, this would probably entail adding an optional ssl-context key to proxy-options and then adding a second SslHandler to the pipeline before the proxy handlers. As a consequence, we might have to fix some of the existing code expecting only one SslHandler to be present in the channel pipeline. See netty/netty#11418 for somebody running into that very situation.
Aleph's HTTP client has proxy support (via
proxy-options) but it doesn't support HTTPS connections towards the proxy server, i.e. the initialCONNECTrequest is always sent in plain. Note that connecting to destination hosts via HTTPS is still possible this way. However, it would still be good to also support a secure client <-> proxy connection for defense in depth purposes or for using proxies in an untrusted network environment.Implementation-wise, this would probably entail adding an optional
ssl-contextkey toproxy-optionsand then adding a secondSslHandlerto the pipeline before the proxy handlers. As a consequence, we might have to fix some of the existing code expecting only oneSslHandlerto be present in the channel pipeline. See netty/netty#11418 for somebody running into that very situation.See also this discussion.
The text was updated successfully, but these errors were encountered: