Feature #16482
Closed
net/http should support TLS connection to proxies
Description
Right now net/http forces the user to use a clear text connection to a proxy. This massively reduces security as the user is forced to send proxy authentication data in the clear.
A proxy is specified in net/http like this:
require 'net/http'

proxy_addr = 'your.proxy.host'
proxy_port = 8080
proxy_user = 'aProxyUser'
proxy_pwd = 'aProxyPassword'
Net::HTTP.new('example.com', nil, proxy_addr, proxy_port, proxy_user, proxy_pwd).start { |http|
  # always proxy via your.proxy.host:8080, user 'aProxyUser', password 'aProxyPassword'
}
There is no scheme present in the 'proxy_addr' variable. In the code of Net::HTTP::new the proxy connection is opened via a TCP socket, not via HTTP or HTTPS.
As this considerably weakens security I would like to suggest that it should be made possible to specify that the connection to the proxy is done through a TLS connection. Maybe there could be a use_ssl parameter or the like.
Note that this issue is not about the connection that is routed through the proxy but about the connection to the proxy itself.
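Added example (not part of the original issue and not net/http's own code): a loopback listener stands in for a proxy reached over plain TCP, to show what the call shape from the description puts on the wire and how directly the Basic credentials can be read back from it. The helper names `capture_proxy_request` and `credentials_from` are hypothetical; the credentials are the sample values from the description.

```ruby
require 'net/http'
require 'socket'

# Loopback listener standing in for a proxy reached over plain TCP.
# Returns the raw request head exactly as it crossed the socket.
def capture_proxy_request(proxy_user, proxy_pwd)
  server = TCPServer.new('127.0.0.1', 0)   # port 0: the OS picks a free port
  proxy_port = server.addr[1]
  captured = +''
  listener = Thread.new do
    client = server.accept
    while (line = client.gets)
      captured << line
      break if line == "\r\n"              # blank line ends the header block
    end
    client.write("HTTP/1.1 200 OK\r\nContent-Length: 0\r\nConnection: close\r\n\r\n")
    client.close
  end
  # Same call shape as in the issue. example.com is never contacted because
  # the loopback listener answers the request itself.
  Net::HTTP.new('example.com', 80, '127.0.0.1', proxy_port, proxy_user, proxy_pwd).start do |http|
    http.get('/')
  end
  listener.join
  captured
ensure
  server&.close
end

# Basic authentication is an encoding, not encryption: whoever can read the
# bytes on the path to the proxy recovers "user:password" directly.
def credentials_from(request_head)
  token = request_head[/^Proxy-Authorization: Basic (\S+)/i, 1]
  token && token.unpack1('m')              # 'm' decodes base64
end

if __FILE__ == $PROGRAM_NAME
  head = capture_proxy_request('aProxyUser', 'aProxyPassword')
  puts head
  puts "recovered: #{credentials_from(head)}"
end
```

Only TLS on the client-to-proxy hop itself keeps this header off the wire in readable form, which is what the issue asks for.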
Updated by jeremyevans0 (Jeremy Evans) about 4 years ago
- Related to Feature #10637: Puppet orchestration on vagrant fails with Error: Non-HTTP proxy URI added
Updated by hsbt (Hiroshi SHIBATA) 4 months ago
- Status changed from Open to Closed
I merged https://github.com/ruby/net-http/pull/55 now.
Updated by hsbt (Hiroshi SHIBATA) 4 months ago
- Assignee set to hsbt (Hiroshi SHIBATA)