librelist archives

« back to archive

HTTPS and modes

HTTPS and modes

From:
Christian Bayle
Date:
2012-08-06 @ 16:29
Hi

is it required to use http_connect for https ?
and should it be possible tu use https with http_relay proxy ?

thanks

Christian

Re: [redsocks] HTTPS and modes

From:
Leonid Evdokimov
Date:
2012-08-07 @ 09:22
On Mon, Aug 6, 2012 at 8:29 PM, Christian Bayle
<christian.bayle@orange.com> wrote:
> is it required to use http_connect for https ?

Yes. Actually, I would advocate against using http_relay - it is not
"tcp-proxy" as it parses HTTP requests and this is not needed in 95%
of use-cases.


> and should it be possible tu use https with http_relay proxy ?

Nope, it makes no sense. HTTPS requires raw TCP connection for SSL to
function, HTTP proxy can't give that, http_connect can (it's called
"HTTPS proxy" or "CONNECT proxy" sometimes).


--
WBRBW, Leonid Evdokimov
xmpp:leon@darkk.net.ru && http://darkk.net.ru
tel:+79816800702 && tel:+79050965222

Re: [redsocks] HTTPS and modes

From:
Susan murphy
Date:
2012-08-07 @ 12:51
can u tell me how can i setup an redsocks user?

Re: [redsocks] HTTPS and modes

From:
Christian Bayle
Date:
2012-08-08 @ 11:42
Le 07/08/2012 14:51, Susan murphy a écrit :
> can u tell me how can i setup an redsocks user?
What do you mean by setup a redsocks user ?

Cheers

Christian

Re: [redsocks] HTTPS and modes

From:
Christian Bayle
Date:
2012-08-08 @ 08:21
Le 07/08/2012 11:22, Leonid Evdokimov a écrit :
> On Mon, Aug 6, 2012 at 8:29 PM, Christian Bayle
> <christian.bayle@orange.com> wrote:
>> is it required to use http_connect for https ?
> Yes. Actually, I would advocate against using http_relay - it is not
> "tcp-proxy" as it parses HTTP requests and this is not needed in 95%
> of use-cases.
>
In this case, I have got a problem that my proxy refuses to make the 
connect
on an ip adress, it's only allowed on FQDN, is there any option I could 
use to tell redsocks to use FQDN instead of
ip in proxy query ?

Cheers

Christian
>> and should it be possible tu use https with http_relay proxy ?
> Nope, it makes no sense. HTTPS requires raw TCP connection for SSL to
> function, HTTP proxy can't give that, http_connect can (it's called
> "HTTPS proxy" or "CONNECT proxy" sometimes).
>
>
> --
> WBRBW, Leonid Evdokimov
> xmpp:leon@darkk.net.ru && http://darkk.net.ru
> tel:+79816800702 && tel:+79050965222


-- 
<http://www.tikimee.com/christianbayle/sig> 	Christian Bayle

Téléphone : +33476764101 / +33676116089
Email : christian.bayle@orange.com
Adresse : 28 chemin du vieux chêne 38243 Meylan Cedex
www.tikimee.com/christianbayle <http://www.tikimee.com/christianbayle/sig>

Re: [redsocks] HTTPS and modes

From:
Leonid Evdokimov
Date:
2012-08-08 @ 08:48
On Wed, Aug 8, 2012 at 12:21 PM, Christian Bayle
<christian.bayle@orange.com> wrote:
> > > is it required to use http_connect for https ?
> > Yes. Actually, I would advocate against using http_relay - it is not
> > "tcp-proxy" as it parses HTTP requests and this is not needed in 95%
> > of use-cases.
> In this case, I have got a problem that my proxy refuses to make the connect
> on an ip adress, it's only allowed on FQDN, is there any option I could 
use to tell redsocks to use FQDN instead of
> ip in proxy query ?

No, it's not possible at this moment. redsocks knows nothing about
domain names, it works at lower level.

It will be possible when https://github.com/darkk/redsocks/issues/23
will be solved.

 --
WBRBW, Leonid Evdokimov
xmpp:leon@darkk.net.ru && http://darkk.net.ru
tel:+79816800702 && tel:+79050965222