Re: polling re: Upgrade and CONNECT support


	I have two comments, both from HTTP proxies point of view:

>    3.3      Acceptance of Upgrade Request
>               Server Sends
>                 101 Switching Protocols
>                 Upgrade: TLS/1.0, HTTP/1.1
>                 Connection: Upgrade

Please note that support for forwarding of 1xx responses in proxies is
poor. Most of the proxies we tested has violated at least one test
case related to 1xx acceptance and forwarding. For a typical example,

While tested vendors are fixing these now-known problems, it will take
a while for changes to be implemented and to propagate. Poor support
in intermediaries means that even compliant clients and servers will
not be able to work in many real-world environments if they rely on
1xx responses.

> ================ Proxy Servers
> Section     Proxy Feature
>    5.2      CONNECT to port 443
>    5.2      CONNECT to port 80 prior to upgrade request
>               Client Sends
>                 CONNECT HTTP/1.1
>                 Host:
>               Proxy establishes origin server connection, switches to
>               tunnel mode and responds with some 2xx response.
>    5.3      CONNECT through chained proxies
>               Client Sends
>                 CONNECT HTTP/1.1
>                 Host:
>               Proxy Sends to next proxy toward origin server
>                 CONNECT HTTP/1.1
>                 Host:
>               and forwards response appropriately

I believe the above are fairly well supported in decent proxies
because they often must handle SSL/TLS tunneling (or terminating) as a
part of the infrastructure. I know that Squid proxy cache, for
example, supports CONNECT requests well.



                            | HTTP performance - Web Polygraph benchmark | HTTP compliance+ - Co-Advisor test suite
                            | all of the above - PolyBox appliance

Received on Thursday, 1 May 2003 14:13:56 UTC