Open Bug 1652776 Opened 5 years ago Updated 1 year ago

Make ECH work with proxies

Categories

(Core :: Networking: HTTP, task, P3)

Product:
Core
Component:
Networking: HTTP
Type:
task

Tracking

()

People

(Reporter: dragana, Unassigned)

References

(Blocks 1 open bug)

Details

(Whiteboard: [necko-triaged])

For now, in case of a connection through a proxy we are interested only in ECH configuration. Currently only HTTP1.1 and HTTP2 protocols can be use on a connection to the web site through a http(s) proxy.

The HTTPSSVC record request should be sent for the browsing request, but not for the hostname of the proxy. We only need a SvcDomainName and its echconfig, i.e. IP addresses are not needed. The SvcDomainName will be sent in the CONNECT request and echconfig will be used for TLS session that will follow the CONNECT request.

A nsHttpTransaction should have at lease one SvcDomainName and its echconfig to be able to make a new connection through a proxy. If there is a HTTP2 session between the browser and the web site, a nsHttpTransaction can be directly dispatched on the session and a new CONNECT, as well as SvcDomainName, are not needed.

Here we can use nsHtttpConnectionInfo's routedHost, routedPort and echconfig (bug 1652670) to carry this information.

This should be control by a pref.

Whiteboard: [necko-triaged]
You need to log in before you can comment on or make changes to this bug.