- From: Amos Jeffries <squid3@treenet.co.nz>
- Date: Thu, 25 Jun 2015 00:12:43 +1200
- To: ietf-http-wg@w3.org
On 24/06/2015 11:08 p.m., Roland Zink wrote: > Btw. this is great if you want to run HTTP2 between browser and proxy as > Chrome supports protocol negotiation with ALPN. Any proxies supporting > this? It worked for me with nghttp2. SSL/TLS has been accepted by Squid since, oh ... 1997. ALPN is in the current stables, but only "negotiating" for HTTP/1.1. When we get HTTP/2 into mainstream it will be supported there too. > > Roland > > > On 24.06.2015 12:54, Roland Zink wrote: >> On 24.06.2015 12:03, Adrien de Croy wrote: >>> >>> I think the problem scenario is the active network attacker between >>> the client and the proxy. >>> >>> Since the client to proxy connection is not secured, the attacker can >>> send anything back they like (including a 200 OK, but connect to >>> something else or not). >> This needs to be changed, although some browsers already support >> secure connections to the proxy. Chrome can do secure connections to >> the proxy when given HTTPS instruction (instead of PROXY) in a PAC >> file. Anybody know if it will display error messages from the proxy then? If I'm understanding it right theres no difference on those connections. I've not a clear picture there though. Amos
Received on Wednesday, 24 June 2015 12:13:24 UTC