W3C home > Mailing lists > Public > ietf-http-wg@w3.org > April to June 2003

Re: polling re: Upgrade and CONNECT support

From: Alex Rousskov <rousskov@measurement-factory.com>
Date: Thu, 1 May 2003 11:53:22 -0600 (MDT)
To: Scott Lawrence <scott-http@skrb.org>
cc: ietf-http-wg@w3.org
Message-ID: <Pine.BSF.4.53.0305011132450.26300@measurement-factory.com>


	I have two comments, both from HTTP proxies point of view:

>    3.3      Acceptance of Upgrade Request
>               Server Sends
>                 101 Switching Protocols
>                 Upgrade: TLS/1.0, HTTP/1.1
>                 Connection: Upgrade

Please note that support for forwarding of 1xx responses in proxies is
poor. Most of the proxies we tested has violated at least one test
case related to 1xx acceptance and forwarding. For a typical example,
see http://nagoya.apache.org/bugzilla/show_bug.cgi?id=19442

While tested vendors are fixing these now-known problems, it will take
a while for changes to be implemented and to propagate. Poor support
in intermediaries means that even compliant clients and servers will
not be able to work in many real-world environments if they rely on
1xx responses.

> ================ Proxy Servers
> Section     Proxy Feature
>    5.2      CONNECT to port 443
>    5.2      CONNECT to port 80 prior to upgrade request
>               Client Sends
>                 CONNECT www.example.com:80 HTTP/1.1
>                 Host: www.example.com:80
>               Proxy establishes origin server connection, switches to
>               tunnel mode and responds with some 2xx response.
>    5.3      CONNECT through chained proxies
>               Client Sends
>                 CONNECT www.example.com:80 HTTP/1.1
>                 Host: www.example.com:80
>               Proxy Sends to next proxy toward origin server
>                 CONNECT www.example.com:80 HTTP/1.1
>                 Host: www.example.com:80
>               and forwards response appropriately

I believe the above are fairly well supported in decent proxies
because they often must handle SSL/TLS tunneling (or terminating) as a
part of the infrastructure. I know that Squid proxy cache, for
example, supports CONNECT requests well.



                            | HTTP performance - Web Polygraph benchmark
www.measurement-factory.com | HTTP compliance+ - Co-Advisor test suite
                            | all of the above - PolyBox appliance
Received on Thursday, 1 May 2003 14:13:56 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:13:22 UTC