Re: [squid-users] Configuring Squid to proxy by protocol (only http)?

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Tue, 16 Feb 2010 14:08:12 +1300

On Mon, 15 Feb 2010 09:45:27 -0500, Bill Stephens <grapeguy_at_gmail.com>
wrote:
> All,
>
> My institution has a proxy.pac configuration that proxies HTTP traffic
> but not HTTPS. This works fine in a browser. When I try to configure
> Java to use the proxy it will connect to HTTP URLs just fine and barf
> on HTTPS because the proxy changes the protocol on secure requests to
> HTTP and our Web Services do not like that.

A badly broken proxy by the sounds of it.

>
> Can a Squid proxy be configured as follows?
> 1. HTTP traffic: forward to existing proxy
> 2. HTTPS traffic: direct connect

This is a Java problem at the core. It sounds like your Java can't
interpret PAC files. See about fixing that first; a version of Java that
can do HTTP stuff properly may come with a lot of other useful fixes.

HTTPS was designed specifically to prevent man-in-the-middle attacks such as
interception proxies. You require administrative control over the domains
being visited or the client computers doing the connecting to get around
the security errors thrown up by HTTPS. You will also probably require the
Squid-3.1 sslbump feature.

Your best bet though is getting the broken proxy fixed or replaced with
something that knows HTTP.

Amos
Received on Tue Feb 16 2010 - 01:08:27 MST
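
Added example, not part of the original post and not the Squid project's own configuration: a squid.conf fragment for the split asked about in the quoted question, with plain HTTP relayed to the existing proxy and HTTPS (CONNECT) tunnelled directly so TLS stays end to end between client and server. The parent host name, the ports and the client network are placeholders assumed for illustration.

```conf
# Port the Java clients are pointed at for both HTTP and HTTPS (assumed value)
http_port 3128

# Client network allowed to use this proxy (placeholder range)
acl localnet src 10.0.0.0/8

# HTTPS reaches an explicit proxy as a CONNECT request
acl CONNECT method CONNECT
acl SSL_ports port 443

# Only tunnel to port 443, and only for known clients; refuse everything else
http_access deny CONNECT !SSL_ports
http_access allow localnet
http_access deny all

# Existing institutional proxy as the parent (placeholder host and port)
cache_peer upstream-proxy.example.edu parent 8080 0 no-query default

# always_direct is evaluated first: CONNECT tunnels go straight to the origin,
# so the parent never sees or rewrites the HTTPS request
always_direct allow CONNECT

# Everything else (plain HTTP) must go through the parent
never_direct allow all
```

With this layout Squid only relays the encrypted bytes of each CONNECT tunnel, so no sslbump and no extra certificates on the clients are involved.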
