The poxy should be: - insecure HTTP proxy - secure HTTP/1.1 proxy - HTTP/2 proxy The tests should include TLS failures: - the proxy rejects the client ClientHello. - the proxy sends malformed ServerHello that will be rejected by the client. - the proxy sends certificates that will be rejected by the client.
Bug 1755524 Comment 0 Edit History
Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.
The poxy should be: - insecure HTTP proxy - secure HTTP/1.1 proxy - HTTP/2 proxy The tests should include TLS failures: - the proxy rejects the client ClientHello. - the proxy sends malformed ServerHello that will be rejected by the client. - the proxy sends certificates that will be rejected by the client. - NSS tolerates some errors and triggers a new connection in necko. We should have a server that would produce such behavior. There are multiple ways to get in such a situation, but a server that produces one such situation would be enough.