* [ruby-core:118537] [Ruby master Feature#16482] net/http should support TLS connection to proxies
From: hsbt (Hiroshi SHIBATA) via ruby-core @ 2024-07-11 1:56 UTC (permalink / raw)
To: ruby-core; +Cc: hsbt (Hiroshi SHIBATA)
Issue #16482 has been updated by hsbt (Hiroshi SHIBATA).
Status changed from Open to Closed
I merged https://github.com/ruby/net-http/pull/55 now.
----------------------------------------
Feature #16482: net/http should support TLS connection to proxies
https://bugs.ruby-lang.org/issues/16482#change-109056
* Author: xformer (Frank Schwab)
* Status: Closed
----------------------------------------
Right now net/http forces the user to use a clear text connection to a proxy. This massively reduces security as the user is forced to send proxy authentication data in the clear.
A proxy is specified in net/http like this:
```
require 'net/http'

proxy_addr = 'your.proxy.host'
proxy_port = 8080
proxy_user = 'aProxyUser'
proxy_pwd = 'aProxyPassword'
Net::HTTP.new('example.com', nil, proxy_addr, proxy_port, proxy_user, proxy_pwd).start { |http|
  # always proxy via your.proxy.host:8080, user 'aProxyUser', password 'aProxyPassword'
}
```
There is no scheme present in the 'proxy_addr' variable. In the code of Net::HTTP::new the proxy connection is opened via a TCP socket, not via HTTP or HTTPS.
As this considerably weakens security I would like to suggest that it should be made possible to specify that the connection to the proxy is done through a TLS connection. Maybe there could be a use_ssl parameter or the like.
Note that this issue is not about the connection that is routed through the proxy but about the connection to the proxy itself.
--
https://bugs.ruby-lang.org/
______________________________________________
ruby-core mailing list -- ruby-core@ml.ruby-lang.org
To unsubscribe send an email to ruby-core-leave@ml.ruby-lang.org
ruby-core info -- https://ml.ruby-lang.org/mailman3/lists/ruby-core.ml.ruby-lang.org/
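The exposure described in the report above, as an added example that is not part of the original message or of net/http: a loopback listener stands in for the proxy, and the Basic credentials that Net::HTTP sends to it can be read directly from the unencrypted socket. The helper names `capture_proxy_request` and `proxy_credentials` are hypothetical, and the listener is a constructed test fixture.

```ruby
require 'net/http'
require 'socket'

# Send one request through a loopback listener that stands in for the proxy
# (constructed test fixture) and return the raw request head it received.
def capture_proxy_request(user, password)
  listener = TCPServer.new('127.0.0.1', 0) # port 0: let the OS pick a free port
  port = listener.addr[1]
  captured = +''
  proxy = Thread.new do
    client = listener.accept
    while (line = client.gets) # read up to the blank line that ends the headers
      captured << line
      break if line == "\r\n"
    end
    client.write("HTTP/1.1 204 No Content\r\nConnection: close\r\n\r\n")
    client.close
  end
  # Same call shape as in the report. The target host is never contacted,
  # because Net::HTTP connects only to the proxy address.
  http = Net::HTTP.new('example.com', 80, '127.0.0.1', port, user, password)
  http.open_timeout = 5
  http.read_timeout = 5
  http.start { |h| h.get('/') }
  proxy.join
  captured
ensure
  listener&.close
end

# Recover [user, password] from a captured request head, or nil when no
# Basic proxy credentials are present. Base64 is an encoding, not encryption.
def proxy_credentials(raw)
  token = raw[/^Proxy-Authorization:\s*Basic\s+(\S+)/i, 1]
  token && token.unpack1('m').split(':', 2)
end

if __FILE__ == $PROGRAM_NAME
  head = capture_proxy_request('aProxyUser', 'aProxyPassword')
  puts head
  p proxy_credentials(head)
end
```

Run against a listener you control, the same check confirms whether a given client configuration still sends proxy credentials over an unencrypted connection.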
* [ruby-core:118538] [Ruby master Feature#16482] net/http should support TLS connection to proxies
From: hsbt (Hiroshi SHIBATA) via ruby-core @ 2024-07-11 1:56 UTC (permalink / raw)
To: ruby-core; +Cc: hsbt (Hiroshi SHIBATA)
Issue #16482 has been updated by hsbt (Hiroshi SHIBATA).
Assignee set to hsbt (Hiroshi SHIBATA)
----------------------------------------
Feature #16482: net/http should support TLS connection to proxies
https://bugs.ruby-lang.org/issues/16482#change-109057
* Author: xformer (Frank Schwab)
* Status: Closed
* Assignee: hsbt (Hiroshi SHIBATA)
----------------------------------------
Right now net/http forces the user to use a clear text connection to a proxy. This massively reduces security as the user is forced to send proxy authentication data in the clear.
A proxy is specified in net/http like this:
```
require 'net/http'

proxy_addr = 'your.proxy.host'
proxy_port = 8080
proxy_user = 'aProxyUser'
proxy_pwd = 'aProxyPassword'
Net::HTTP.new('example.com', nil, proxy_addr, proxy_port, proxy_user, proxy_pwd).start { |http|
  # always proxy via your.proxy.host:8080, user 'aProxyUser', password 'aProxyPassword'
}
```
There is no scheme present in the 'proxy_addr' variable. In the code of Net::HTTP::new the proxy connection is opened via a TCP socket, not via HTTP or HTTPS.
As this considerably weakens security I would like to suggest that it should be made possible to specify that the connection to the proxy is done through a TLS connection. Maybe there could be a use_ssl parameter or the like.
Note that this issue is not about the connection that is routed through the proxy but about the connection to the proxy itself.
--
https://bugs.ruby-lang.org/