Re: Browser display of 403 responses bodies on CONNECT

On 24/06/2015 11:08 p.m., Roland Zink wrote:
> Btw. this is great if you want to run HTTP2 between browser and proxy as
> Chrome supports protocol negotiation with ALPN. Any proxies supporting
> this? It worked for me with nghttp2.

SSL/TLS has been accepted by Squid since, oh ... 1997.

ALPN is in the current stables, but only "negotiating" for HTTP/1.1.
When we get HTTP/2 into mainstream it will be supported there too.

> Roland
> On 24.06.2015 12:54, Roland Zink wrote:
>> On 24.06.2015 12:03, Adrien de Croy wrote:
>>> I think the problem scenario is the active network attacker between
>>> the client and the proxy.
>>> Since the client to proxy connection is not secured, the attacker can
>>> send anything back they like (including a 200 OK, but connect to
>>> something else or not).
>> This needs to be changed, although some browsers already support
>> secure connections to the proxy. Chrome can do secure connections to
>> the proxy when given HTTPS instruction (instead of PROXY) in a PAC
>> file. Anybody know if it will display error messages from the proxy then?

If I'm understanding it right theres no difference on those connections.
I've not a clear picture there though.


Received on Wednesday, 24 June 2015 12:13:24 UTC