Feature #16482

net/http should support TLS connection to proxies

Added by xformer (Frank Schwab) about 2 months ago.

Status: Open
Priority: Normal
Assignee: -
Target version: -
[ruby-core:96672]

Description

Right now net/http forces the user to use a clear text connection to a proxy. This massively reduces security as the user is forced to send proxy authentication data in the clear.

A proxy is specified in net/http like this:

require 'net/http'

proxy_addr = 'your.proxy.host'
proxy_port = 8080
proxy_user = 'aProxyUser'
proxy_pwd  = 'aProxyPassword'

Net::HTTP.new('example.com', nil, proxy_addr, proxy_port, proxy_user, proxy_pwd).start { |http|
  # always proxy via your.proxy.host:8080, user 'aProxyUser', password 'aProxyPassword'
}

There is no scheme present in the 'proxy_addr' variable. In the code of Net::HTTP::new the proxy connection is opened via a TCP socket, not via HTTP or HTTPS.

As this considerably weakens security I would like to suggest that it should be made possible to specify that the connection to the proxy is done through a TLS connection. Maybe there could be a use_ssl parameter or the like.

Note that this issue is not about the connection that is routed through the proxy but about the connection to the proxy itself.
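
The exposure described in this report can be observed on the wire. The following is an added example, not code from the issue or from net/http itself: a constructed loopback listener stands in for the proxy, the same Net::HTTP.new call shape is used, and the Proxy-Authorization header is decoded from the bytes the listener received. The helper names capture_proxy_request and credentials_from are hypothetical.

```ruby
require 'net/http'
require 'socket'

# Constructed stand-in for a proxy: accepts one plain TCP connection on
# loopback, records the request head exactly as it arrived, then answers.
def capture_proxy_request(user, password)
  server = TCPServer.new('127.0.0.1', 0)   # port 0: let the OS pick a free port
  port = server.addr[1]
  captured = +''
  listener = Thread.new do
    client = server.accept
    while (line = client.gets)
      captured << line
      break if line == "\r\n"              # blank line ends the request head
    end
    client.write("HTTP/1.1 200 OK\r\nContent-Length: 0\r\nConnection: close\r\n\r\n")
    client.close
  end

  # Same call shape as in the report; only the proxy address is local.
  http = Net::HTTP.new('example.com', nil, '127.0.0.1', port, user, password)
  http.open_timeout = 5
  http.read_timeout = 5
  http.start { |h| h.get('/') }
  listener.join
  captured
ensure
  server&.close
end

# Basic proxy authentication is only base64("user:password"), so anyone who
# can read the TCP stream to the proxy can recover both values.
def credentials_from(raw_head)
  token = raw_head[/^Proxy-Authorization:\s*Basic\s+(\S+)/i, 1]
  token && token.unpack1('m').split(':', 2)
end

if __FILE__ == $PROGRAM_NAME
  head = capture_proxy_request('aProxyUser', 'aProxyPassword')
  puts head
  puts "recovered from plaintext stream: #{credentials_from(head).inspect}"
end
```

The listener never performs a TLS handshake, which is the point: net/http speaks plain TCP to the proxy address, so the header arrives readable.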
