Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

What is HTTPS Proxy

Tags:

http-proxy

I know if a HTTP server support CONNECT method, it could create a TCP tunnel, then we can use all protocols based on TCP.

Here is my confusion, is HTTPS proxy means a HTTP proxy support CONNECT method or a HTTP proxy over SSL?

like image 818
tinyproxy Avatar asked Aug 25 '17 04:08

tinyproxy


People also ask

What is difference between http and https proxy?

The only difference between the two protocols is that HTTPS uses TLS (SSL) to encrypt normal HTTP requests and responses, and to digitally sign those requests and responses. As a result, HTTPS is far more secure than HTTP. A website that uses HTTP has http:// in its URL, while a website that uses HTTPS has https://.

What is proxy type for HTTPS?

SSL proxy is also called an HTTPS proxy, the abbreviation meaning Hypertext Transfer Protocol over SSL. To put it briefly, an HTTPS proxy is a proxy that uses the HTTP protocol over SSL.

Is HTTP Proxy safe?

HTTP proxy connections are generally safe. However, they are still limited in comparison to VPNs, which provide end-to-end encryption.

Are there HTTPS proxies?

HTTPS proxies were invented to ensure communication with end-to-end security. In this flow, the client sends a special request to the proxy with the CONNECT verb. The proxy builds an opaque tunnel by connecting to the requested server using TCP and nothing else.


2 Answers

Here is my confusion, is HTTPS proxy means a HTTP proxy support CONNECT method or a HTTP proxy over SSL?

I think the exact meaning depends on the context. I read almost all related posts and notice that most people see "HTTPS proxy" as HTTP proxy that supports CONNECT method. And Many of them mistakenly think that there's no such thing as connecting to a proxy a server over SSL. While some others take "HTTPS proxy" as a Man-in-the-middle attack type of proxy server.

But the way connecting to a HTTP proxy server over SSL does exist. Check my question and answer here HTTPs proxy server only works in SwitchOmega , you can deploy one by yourself with tens of lines of code.

like image 134
Rick Avatar answered Sep 27 '22 23:09

Rick


While proxy servers are usually accessed through http (meaning HTTPS_PROXY would reference an HTTP URL), note that curl 7.52+ (Dec. 2016) does support HTTPS proxy and SOCKS+HTTP(s).

That means you can also an HTTPS_PROXY referencing an https URL for a proxy.

Git 2.16 (Q1 2018) acknowledges that with commit 82b6803 (19 Dec 2017) by Wei Shuyu (``).
(Merged by Junio C Hamano -- gitster -- in commit fc4a226, 28 Dec 2017)

Git has been taught to support an https:// URL used for http.proxy when using recent versions of libcurl.

http: support CURLPROXY_HTTPS

HTTP proxy over SSL is supported by curl since 7.52.0.
This is very useful for networks with protocol whitelist.


With Git 2.27 (Q2 2020), a handful of options to configure SSL when talking to proxies have been added.

See commit af02651, commit 88238e0 (04 Mar 2020) by Jorge Lopez Silva (jalopezsilva).
(Merged by Junio C Hamano -- gitster -- in commit aaa6255, 25 Mar 2020)

http: add client cert support for HTTPS proxies

Signed-off-by: Jorge Lopez Silva

Git supports performing connections to HTTPS proxies, but we don't support doing mutual authentication with them (through TLS).

Add the necessary options to be able to send a client certificate to the HTTPS proxy.

A client certificate can provide an alternative way of authentication instead of using 'ProxyAuthorization' or other more common methods of authentication.

Libcurl supports this functionality already, so changes are somewhat minimal.
The feature is guarded by the first available libcurl version that supports these options.

4 configuration options are added and documented, cert, key, cert password protected and CA info. The CA info should be used to specify a different CA path to validate the HTTPS proxy cert.

The Documentation/config/http.txt now includes:

http.proxySSLCert:

The pathname of a file that stores a client certificate to use to authenticate with an HTTPS proxy.

http.proxySSLKey:

The pathname of a file that stores a private key to use to authenticate with an HTTPS proxy.

http.proxySSLCertPasswordProtected:

Enable Git's password prompt for the proxy SSL certificate.
Otherwise OpenSSL will prompt the user, possibly many times, if the certificate or private key is encrypted.

http.proxySSLCAInfo:

Pathname to the file containing the certificate bundle that should be used to verify the proxy with when using an HTTPS proxy.

like image 26
VonC Avatar answered Sep 27 '22 22:09

VonC