Closed
Bug 274042
Opened 20 years ago
Closed 8 years ago
Proxy: Make SSL code support all protocols
Categories
(Core :: Networking, enhancement)
Core
Networking
Tracking
()
RESOLVED
WONTFIX
People
(Reporter: gerv, Unassigned)
Details
(As discussed with darin and bienvenu via email a month or two ago.) Currently, the SSL proxy code is specific to the HTTP(S) protocol. It would be great if it could be moved into a more general part of the networking stack, so that e.g. IMAP-over-SSL or NNTP-over-SSL could also use the configured SSL proxy. This would help people behind firewalls access their mail and news. darin says: "... the best solution would be to move the logic for SSL proxy connect from nsHttpConnection.cpp down into nsSocketTransport.cpp so that it could apply in general to any SSL socket with a nsIProxyInfo that specifies a type of HTTP. The difficulty in doing so is that we'd need a way to handle the authentication steps." Gerv
Comment 1•20 years ago
|
||
(marking as blocks bug 122752 because it seems like a way to handle authentication would benefit socks too)
Blocks: 122752
Ari Luotonen always felt that the CONNECT method had uses beyond the initial SSL protocol tunneling. This would make a lot of sense, two relevant issues: 1- Most proxy servers used to assume that CONNECT was only for certain destination ports. I don't know the current out-of-box ACLs are for proxy servers. 2- This will complicated manual config even more, unless you want to move SSL down, to where SOCKS is. Then the question is, what is the order of precedence for SOCSKS vs. CONNECT?
Summary: Make SSL proxy code apply to all protocols → Proxy: Make SSL code support all protocols
Reporter | ||
Comment 3•20 years ago
|
||
Ben: re: 2, no idea. What would you suggest? Gerv
For Mozilla, I would prefer implementation that is as strictly close to Communicator as possible, because of migration concerns. For FF, I think we want things to be really simple. Probably people get two-level choices: Choice of circuit-level proxy (SOCKS vs. SSL via radio button). Absent that, then use a list of application proxies, on a per-scheme basis. This type of design didn't work for mozilla b/c users had some protocols sent to SOCKS and others to application proxy, but with the FF/TB split, this is less of a problem, from my recollection of configurations described in the proxy bugs.
Updated•18 years ago
|
Assignee: darin → nobody
QA Contact: benc → networking
Updated•8 years ago
|
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → WONTFIX
You need to log in
before you can comment on or make changes to this bug.
Description
•