ruby-core@ruby-lang.org archive (unofficial mirror)
* [ruby-core:96672] [Ruby master Feature#16482] net/http should support TLS connection to proxies
From: frank.schwab @ 2020-01-05 17:52 UTC
  To: ruby-core

Issue #16482 has been reported by xformer (Frank Schwab).

----------------------------------------
Feature #16482: net/http should support TLS connection to proxies
https://bugs.ruby-lang.org/issues/16482

* Author: xformer (Frank Schwab)
* Status: Open
* Priority: Normal
* Assignee: 
* Target version: 
----------------------------------------
Right now net/http forces the user to use a clear text connection to a proxy. This massively reduces security as the user is forced to send proxy authentication data in the clear.

A proxy is specified in net/http like this:

```
require 'net/http'

proxy_addr = 'your.proxy.host'
proxy_port = 8080
proxy_user = 'aProxyUser'
proxy_pwd  = 'aProxyPassword'

Net::HTTP.new('example.com', nil, proxy_addr, proxy_port, proxy_user, proxy_pwd).start { |http|
  # always proxy via your.proxy.host:8080, user 'aProxyUser', password 'aProxyPassword'
}
```

There is no scheme present in the 'proxy_addr' variable. In the code of Net::HTTP::new the proxy connection is opened via a TCP socket, not via HTTP or HTTPS.

As this considerably weakens security I would like to suggest that it should be made possible to specify that the connection to the proxy is done through a TLS connection. Maybe there could be a use_ssl parameter or the like.

Note that this issue is not about the connection that is routed through the proxy but about the connection to the proxy itself.



-- 
https://bugs.ruby-lang.org/
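
The exposure described in the report can be observed locally. The following is an added example, not part of the original message or of net/http itself: a loopback listener stands in for the proxy, records what net/http writes to the plain TCP socket, and decodes the `Proxy-Authorization` header. The helper names and the loopback listener are assumptions; the credentials are the placeholder values from the snippet above.

```ruby
require 'net/http'
require 'socket'

# Placeholder credentials taken from the snippet in the report.
PROXY_USER = 'aProxyUser'
PROXY_PWD  = 'aProxyPassword'

# Starts a loopback listener in place of a real proxy (constructed for this
# example), sends one proxied request with net/http, and returns the raw
# request head exactly as it arrived on the unencrypted socket.
def capture_proxy_request
  server = TCPServer.new('127.0.0.1', 0) # ephemeral port, loopback only
  port = server.addr[1]
  captured = +''
  listener = Thread.new do
    client = server.accept
    while (line = client.gets)
      captured << line
      break if line == "\r\n" # blank line ends the request head
    end
    client.write("HTTP/1.1 200 OK\r\nContent-Length: 0\r\nConnection: close\r\n\r\n")
    client.close
  end
  Net::HTTP.new('example.com', nil, '127.0.0.1', port, PROXY_USER, PROXY_PWD).start do |http|
    http.get('/')
  end
  listener.join
  captured
ensure
  server&.close
end

# Returns [user, password] recovered from a Basic Proxy-Authorization header,
# or nil when the request carries none. Base64 is an encoding, not encryption.
def recover_credentials(raw_request)
  header = raw_request.lines.find { |l| l =~ /\Aproxy-authorization:/i }
  return nil unless header
  scheme, token = header.split(':', 2).last.strip.split(' ', 2)
  return nil unless scheme.casecmp?('Basic') && token
  token.unpack1('m').split(':', 2) # 'm' is core Ruby's Base64 decoder
end

if $PROGRAM_NAME == __FILE__
  raw = capture_proxy_request
  puts raw
  puts "recovered from the wire: #{recover_credentials(raw).inspect}"
end
```

Anything on the network path between client and proxy sees the same bytes the listener records here, which is why the report asks for TLS on the client-to-proxy leg.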
