Feature #16482
net/http should support TLS connection to proxies
Description
Right now net/http forces the user to use a clear text connection to a proxy. This massively reduces security as the user is forced to send proxy authentication data in the clear.
A proxy is specified in net/http like this:
require 'net/http'

proxy_addr = 'your.proxy.host'
proxy_port = 8080
proxy_user = 'aProxyUser'
proxy_pwd = 'aProxyPassword'
Net::HTTP.new('example.com', nil, proxy_addr, proxy_port, proxy_user, proxy_pwd).start { |http|
  # always proxy via your.proxy.addr:8080, user 'aProxyUser', password 'aProxyPassword'
}
There is no scheme present in the 'proxy_addr' variable. In the code of Net::HTTP::new the proxy connection is opened via a TCP socket, not via HTTP or HTTPS.
As this considerably weakens security I would like to suggest that it should be made possible to specify that the connection to the proxy is done through a TLS connection. Maybe there could be a use_ssl parameter or the like.
Note that this issue is not about the connection that is routed through the proxy but about the connection to the proxy itself.
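What the clear-text hop to the proxy carries, as an added example that is not part of the original report or of net/http itself: a loopback listener stands in for the proxy (an assumption, as are the helper names) and records the request head Net::HTTP sends, from which the Basic credentials are decoded.

```ruby
require 'net/http'
require 'socket'

# Constructed credentials, the same placeholder values used in the report.
PROXY_USER = 'aProxyUser'
PROXY_PWD  = 'aProxyPassword'

# Read one request head (everything up to the blank line) from a socket.
def read_request_head(sock)
  head = +''
  while (line = sock.gets)
    break if line == "\r\n"
    head << line
  end
  head
end

# Send one plain-HTTP request through a loopback listener that plays the proxy
# and return the raw head exactly as it crossed the client-to-proxy hop.
def capture_proxy_hop
  listener = TCPServer.new('127.0.0.1', 0) # port 0: the OS picks a free port
  port = listener.addr[1]
  observer = Thread.new do
    sock = listener.accept
    head = read_request_head(sock)
    sock.write("HTTP/1.1 200 OK\r\nContent-Length: 0\r\nConnection: close\r\n\r\n")
    sock.close
    head
  end
  Net::HTTP.new('example.com', nil, '127.0.0.1', port, PROXY_USER, PROXY_PWD)
           .start { |http| http.get('/') }
  observer.value
ensure
  listener&.close
end

# Recover [user, password] from a captured head; Basic auth is only Base64,
# so anyone who can read this hop can read the credentials.
def credentials_from(head)
  encoded = head[/^Proxy-Authorization:\s*Basic\s+(\S+)/i, 1]
  encoded && encoded.unpack1('m').split(':', 2)
end

if $PROGRAM_NAME == __FILE__
  head = capture_proxy_hop
  puts head
  p credentials_from(head)
end
```

The same decoding can be pointed at a packet capture of the client-to-proxy hop to confirm whether proxy credentials are leaving a host unencrypted.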
Related issues
Updated by jeremyevans0 (Jeremy Evans) 5 months ago
- Related to Feature #10637: Puppet orchestration on vagrant fails with Error: Non-HTTP proxy URI added