Feature #16482
net/http should support TLS connection to proxies
Status: Open
Assignee: -
Target version: -
Description
Right now net/http forces the user to use a clear text connection to a proxy. This massively reduces security as the user is forced to send proxy authentication data in the clear.
A proxy is specified in net/http like this:
proxy_addr = 'your.proxy.host'
proxy_port = 8080
proxy_user = 'aProxyUser'
proxy_pwd = 'aProxyPassword'
Net::HTTP.new('example.com', nil, proxy_addr, proxy_port, proxy_user, proxy_pwd).start { |http|
  # always proxy via your.proxy.addr:8080, user 'aProxyUser', password 'aProxyPassword'
}
There is no scheme present in the 'proxy_addr' variable. In the code of Net::HTTP::new the proxy connection is opened via a TCP socket, not via HTTP or HTTPS.
As this considerably weakens security I would like to suggest that it should be made possible to specify that the connection to the proxy is done through a TLS connection. Maybe there could be a use_ssl parameter or the like.
Note that this issue is not about the connection that is routed through the proxy but about the connection to the proxy itself.
Updated by jeremyevans0 (Jeremy Evans) over 3 years ago
- Related to Feature #10637: Puppet orchestration on vagrant fails with Error: Non-HTTP proxy URI added
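The cleartext exposure described in this report can be observed on loopback. The following Ruby sketch is an added example, not part of the original report or of net/http itself: a local listener stands in for the proxy, records what Net::HTTP writes to the plain TCP socket, and decodes the Proxy-Authorization header. The helper names capture_proxy_request and recover_proxy_credentials are hypothetical, and the credentials are the placeholders from the report.

```ruby
require 'net/http'
require 'socket'

# Constructed sample values, matching the placeholders used in the report.
PROXY_USER = 'aProxyUser'
PROXY_PWD  = 'aProxyPassword'

# Starts a one-shot listener on loopback that stands in for the proxy, sends
# one request through it with Net::HTTP, and returns the raw request headers
# exactly as they arrived on the unencrypted TCP connection.
def capture_proxy_request(user, pwd)
  server = TCPServer.new('127.0.0.1', 0) # port 0: the OS picks a free port
  port = server.addr[1]
  listener = Thread.new do
    sock = server.accept
    raw = +''
    while (line = sock.gets)
      raw << line
      break if line == "\r\n" # blank line ends the request headers
    end
    sock.write("HTTP/1.1 200 OK\r\nContent-Length: 0\r\nConnection: close\r\n\r\n")
    sock.close
    raw
  end
  # Same call shape as in the report; only the proxy address/port differ.
  http = Net::HTTP.new('example.com', nil, '127.0.0.1', port, user, pwd)
  http.open_timeout = 5
  http.read_timeout = 5
  http.start { |h| h.get('/') }
  listener.value
ensure
  server&.close
end

# Recovers [user, password] from a captured "Proxy-Authorization: Basic ..."
# header, or returns nil when the header is absent. Basic auth is only
# base64-encoded, so anyone on the path to the proxy can do the same.
def recover_proxy_credentials(raw)
  m = raw.match(/^Proxy-Authorization:\s*Basic\s+(\S+)\r?$/i)
  m && m[1].unpack1('m').split(':', 2)
end

if __FILE__ == $PROGRAM_NAME
  raw = capture_proxy_request(PROXY_USER, PROXY_PWD)
  puts raw
  p recover_proxy_credentials(raw)
end
```

The target host is never contacted: with a proxy configured, Net::HTTP connects only to the proxy address, so the script runs offline.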