Geek Answers Handbook

Pros and cons of using the proxy server http proxy v / s https?

The JVM allows the proxy properties http.proxyHost and http.proxyPort to specify the HTTP proxy server and https.proxyHost and https.proxyPort to specify the HTTPS proxy server.

I was wondering if there are advantages to using an HTTPS proxy over an HTTP proxy?

Is accessing https-url through an HTTPS proxy less cumbersome than accessing it from an HTTP proxy?

+9
source share
3 answers

An HTTP proxy receives a clear text request, and [in most, but not all cases] sends another HTTP request to the remote server, and then returns the information to the client.

An HTTPS proxy is a relay that receives a special HTTP request (CONNECT verb) and builds an opaque tunnel on the target server (which is not necessary even an HTTPS server). The client then sends an SSL / TLS request to the server and continues with SSL confirmation, and then with HTTPS (if required).

As you can see, these are two completely different types of proxies with different behaviors and different design goals. The HTTPS proxy server cannot cache anything because it does not see the request sent to the server. With an HTTPS proxy, you have a channel for the server, and the client receives and verifies the server certificate (and vice versa, vice versa). An HTTP proxy, on the other hand, sees and controls the request received from the client.

Although an HTTPS request can be sent through an HTTP proxy, it is almost never executed, because in this case the proxy server checks the server’s certificate, but the client can receive and verify only the proxy certificate and as the name in the proxy certificate will not match the address, to which the socket is connected, in most cases a warning will be issued, and SSL-acknowledgment will not be performed (I will not go into details on how to try to solve this problem).

Finally, since an HTTP proxy can view the request, this invalidates the security idea provided by the HTTPS channel, so using an HTTP proxy for HTTPS requests is usually only for debugging purposes (again, we omit cases of paranoid company security policies that require monitoring all HtTPS traffic of company employees).

Addition: also read my answer on a similar topic here .

+32
source

There are no pluses or minuses. And there is no HTTPS proxy server.

You can tell the protocol handlers which proxy server to use for different protocols. This can be done for http , https , ftp and socks . No more and no less.

I cannot tell you whether to use another proxy for https connections or not. It depends. I can only explain the difference between the HTTP and the https proxy request.

Since the HTTP proxy (or web proxy) understands http (hence the name), the client can simply send a request to the proxy server instead of actually destabilizing. This does not work for https . This is because the proxy cannot complete the TLS handshake that occurs first. Therefore, the client must send a CONNECT proxy request. The proxy establishes a TCP connection and simply sends packets back and forth without touching them. Thus, TLS handshaking occurs between the client and destabilization. The HTTP proxy does not see everything and does not check the uninstall server certificate.

There may be some confusion with this entire http, https, proxy page. You can connect to an HTTP proxy with https. In this case, the connection between the client and the proxy server is encrypted.

There are also so-called TLS terminating or interception proxies, such as Squid SSL Peek and Splice or burp , which everyone sees. But this should not work out of the box, because the proxy uses its own certificates that are not signed by trusted CAs.

References

+4
source

If you mean connecting to the HTTP proxy server using TLS , saying HTTPS proxy , then

I was wondering if there are any advantages to using an HTTPS proxy over an HTTP proxy?

The advantage is that your client connection to the proxy server is encrypted. For example, the firewall cannot see to which host you are using the CONNECT method.

Is accessing the https URL through an HTTPS proxy less cumbersome than accessing it through an HTTP proxy?

All the same, except that with an HTTPS proxy, the browser connection to the proxy server is encrypted.

But you need to deploy the certificate on your proxy server, such as on the https website, and use the pac file to configure the browser to connect to the proxy server via SSL .

For more detailed information and a practical example, check my question and answer here HTTP proxy server works only in SwitchOmega

0
source

More articles:


All Articles