- From: Walter H. <Walter.H@mathemainzel.info>
- Date: Sun, 07 Aug 2016 21:00:55 +0200
- To: Ilari Liusvaara <ilariliusvaara@welho.com>
- CC: ietf-http-wg@w3.org
- Message-ID: <57A78567.2050902@mathemainzel.info>
On 07.08.2016 19:45, Ilari Liusvaara wrote: > On Sun, Aug 07, 2016 at 07:25:22PM +0200, Walter H. wrote: >> On 06.08.2016 02:25, Mark Nottingham wrote: >>> Would this help? >>> >>> https://mnot.github.io/I-D/proxy-explanation/ >>> >>> Keep in mind that only helps for configured proxies. >>> >> configured proxies are not the bug; why not just simpy use plain HTML? > > Except that if you try rejecting the CONNECT, then my browser shows the correct message e.g. While trying to retrieve the URL: https://www.xxx.ru/* The following error was encountered: * *Top-Level-Domain Blocked. * Access control configuration prevents your request from being allowed at this time. Please contact your service provider if you feel this is incorrect. in this case it has no relevance if the host www.xxx.ru really exists or not, because the whole TLD .ru is blocked and this check is done much before; I'm using squid as my MITM-proxy > the browsers just throw > up generic error about connection failed and will just plain discard > any payload the proxy sends. > > (And pretty much the same for non-browsers, if those even support > CONNECT). yes, because these apps warn you that there is a certificate in use they don't know; install the signing certificate of the proxy and it works as I've shown above ...
Attachments
- application/pkcs7-signature attachment: S/MIME Cryptographic Signature
Received on Sunday, 7 August 2016 19:01:26 UTC