[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: `url-retrieve' for https behind proxy: 400 bad request
From: |
Yuri Khan |
Subject: |
Re: `url-retrieve' for https behind proxy: 400 bad request |
Date: |
Tue, 8 Nov 2016 18:19:17 +0600 |
On Tue, Nov 8, 2016 at 6:58 PM, <tomas@tuxteam.de> wrote:
> Yeah. This is the usual dance for https over proxy (if the proxy allows
> it). Basically, CONNECT tells the proxy to just pass the https stream
> along, untouched.
And it’s the only way to preserve integrity of the connection. With
CONNECT, provided that the origin server presents a valid and matching
certificate and you check it, neither the proxy nor any other
man-in-the-middle between you and the proxy can spoof the origin
server, tamper with requests or responses, or sniff the traffic
between you and the origin. With “GET https://foo/bar”, all of the
above would be possible.