- From: Roland Zink <roland@zinks.de>
- Date: Wed, 24 Jun 2015 13:08:34 +0200
- To: ietf-http-wg@w3.org
- Message-ID: <558A8FB2.9010102@zinks.de>
Btw. this is great if you want to run HTTP2 between browser and proxy as
Chrome supports protocol negotiation with ALPN. Any proxies supporting
this? It worked for me with nghttp2.
Roland
On 24.06.2015 12:54, Roland Zink wrote:
> On 24.06.2015 12:03, Adrien de Croy wrote:
>>
>> I think the problem scenario is the active network attacker between
>> the client and the proxy.
>>
>> Since the client to proxy connection is not secured, the attacker can
>> send anything back they like (including a 200 OK, but connect to
>> something else or not).
> This needs to be changed, although some browsers already support
> secure connections to the proxy. Chrome can do secure connections to
> the proxy when given HTTPS instruction (instead of PROXY) in a PAC
> file. Anybody know if it will display error messages from the proxy then?
>
> Roland
>
> function FindProxyForURL(url, host) {
>
> return "HTTPS proxy.com:7128";
>
> }
>
>
Received on Wednesday, 24 June 2015 11:08:57 UTC