Closed Bug 274042 Opened 20 years ago Closed 8 years ago

Proxy: Make SSL code support all protocols

Categories

(Core :: Networking, enhancement)

enhancement
Not set
normal

Tracking

RESOLVED WONTFIX

People

(Reporter: gerv, Unassigned)

Details

(As discussed with darin and bienvenu via email a month or two ago.)

Currently, the SSL proxy code is specific to the HTTP(S) protocol. It would be
great if it could be moved into a more general part of the networking stack, so
that e.g. IMAP-over-SSL or NNTP-over-SSL could also use the configured SSL
proxy. This would help people behind firewalls access their mail and news.

darin says:
"... the best solution would be to move the logic for SSL proxy connect from
nsHttpConnection.cpp down into nsSocketTransport.cpp so that it could apply in
general to any SSL socket with a nsIProxyInfo that specifies a type of HTTP. 
The difficulty in doing so is that we'd need a way to handle the authentication
steps."

Gerv
(marking as blocks bug 122752 because it seems like a way to handle
authentication would benefit socks too)

Blocks: 122752

Ari Luotonen always felt that the CONNECT method had uses beyond the initial SSL
protocol tunneling. This would make a lot of sense. Two relevant issues:

1- Most proxy servers used to assume that CONNECT was only for certain
destination ports. I don't know what the current out-of-box ACLs are for proxy servers.

2- This will complicate manual config even more, unless you want to move SSL
down, to where SOCKS is. Then the question is, what is the order of precedence
for SOCKS vs. CONNECT?
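
Issue 1 above, seen from the proxy side, as an added example that is not part of the original bug thread or of Mozilla's code: a CONNECT port allowlist applied to request lines for HTTPS, IMAP-over-SSL (993) and NNTP-over-SSL (563). The function names, the two port sets and the sample request lines are constructed for illustration and are not any proxy product's shipped defaults.

```python
# Added example: proxy-side CONNECT port policy. The allowlists are constructed
# for illustration and are not any product's shipped defaults.
import re

# authority-form target (RFC 9110 sec. 9.3.6): host ":" port, IPv6 in brackets
_TARGET = re.compile(r"^(?:\[([0-9A-Fa-f:.]+)\]|([A-Za-z0-9.-]+)):(\d{1,5})$")

HTTPS_ONLY = frozenset({443})                 # constructed: "SSL only" policy
WITH_MAIL_NEWS = frozenset({443, 563, 993})   # constructed: adds NNTPS and IMAPS


def parse_connect(request_line):
    """Return (host, port) for a CONNECT request line, or None if malformed."""
    parts = request_line.rstrip("\r\n").split(" ")
    if len(parts) != 3 or parts[0] != "CONNECT" or not parts[2].startswith("HTTP/"):
        return None
    m = _TARGET.match(parts[1])
    if not m:
        return None            # no port, userinfo, path, or other junk in the target
    port = int(m.group(3))
    if not 1 <= port <= 65535:
        return None
    return (m.group(1) or m.group(2)).lower(), port


def decide(request_line, allowed_ports):
    """Map a request line to the proxy's response status under a port allowlist."""
    target = parse_connect(request_line)
    if target is None:
        return 400             # reject rather than guess a default port
    return 200 if target[1] in allowed_ports else 403


if __name__ == "__main__":
    samples = [  # constructed request lines
        "CONNECT www.example.org:443 HTTP/1.1",
        "CONNECT imap.example.org:993 HTTP/1.1",
        "CONNECT news.example.org:563 HTTP/1.1",
        "CONNECT [2001:db8::1]:993 HTTP/1.1",
        "CONNECT mail.example.org:25 HTTP/1.1",
        "CONNECT imap.example.org HTTP/1.1",
    ]
    for line in samples:
        print(f"{line!r:45} https-only={decide(line, HTTPS_ONLY)} "
              f"extended={decide(line, WITH_MAIL_NEWS)}")
```

Under the 443-only set, the IMAP and NNTP tunnels get a 403 even though the client side would be ready to use them, so a client change of the kind requested here only helps where the proxy's ACL also admits those ports.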
Summary: Make SSL proxy code apply to all protocols → Proxy: Make SSL code support all protocols

Ben: re: 2, no idea. What would you suggest?

Gerv
For Mozilla, I would prefer an implementation that is as strictly close to
Communicator as possible, because of migration concerns.

For FF, I think we want things to be really simple. Probably people get
two-level choices:

Choice of circuit-level proxy (SOCKS vs. SSL via radio button).

Absent that, then use a list of application proxies, on a per-scheme basis.

This type of design didn't work for mozilla b/c users had some protocols sent to
SOCKS and others to application proxy, but with the FF/TB split, this is less of
a problem, from my recollection of configurations described in the proxy bugs.

No longer blocks: 122752
Assignee: darin → nobody
QA Contact: benc → networking
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → WONTFIX