[
https://issues.apache.org/jira/browse/HTTPCLIENT-1669?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14644846#comment-14644846
]
Reinhold Früsmer commented on HTTPCLIENT-1669:
----------------------------------------------
Good news: after upgrading Squid to version 3.3.8, the integrated Windows NTLM
authentication works as expected without any modifications to httpclient. Since
our software requirements demand full support of HTTP/1.1 for all components
involved in end-to-end communication, there's no need for us to modify
httpclient anymore, provided that other HTTP/1.1 compliant proxy servers are
behaving the same way. I lower the severity for now and leave it up to you
either adding the proxy-connection keep-alive header as some sort of
"compatiblity-improvement" or to close the issue.
Thanks for advice!!
> Integrated NTLM Windows Authentication doesn't work over HTTPS
> --------------------------------------------------------------
>
> Key: HTTPCLIENT-1669
> URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1669
> Project: HttpComponents HttpClient
> Issue Type: Bug
> Components: HttpClient
> Affects Versions: 4.5
> Environment: Win7 / Squid Proxy 2.7.STABLE8
> Reporter: Reinhold Früsmer
> Priority: Blocker
>
> Hi,
> integrated NTLM Windows Authentication is working properly over HTTP
> connections, but not over HTTPS.
> The wireshark sequence is as follows:
> 323 10.584292000 192.168.85.96 192.168.85.236 HTTP 182
> CONNECT marjory-ttkf.ttsdev.de:443 HTTP/1.1
> 325 10.584539000 192.168.85.236 192.168.85.96 HTTP 1436
> HTTP/1.0 407 Proxy Authentication Required (text/html)
> 336 10.645235000 192.168.85.96 192.168.85.236 HTTP 266
> CONNECT marjory-ttkf.ttsdev.de:443 HTTP/1.1 , NTLMSSP_NEGOTIATE
> 338 10.658532000 192.168.85.236 192.168.85.96 HTTP 1436
> HTTP/1.0 407 Proxy Authentication Required (text/html)
> Connection is closed then.
> With a modified version of MainClientExec#createTunnelToTarget at line 457 it
> works when adding the following header to the connect request
> >>> connect.addHeader("Proxy-Connection", "Keep-Alive");
> I am not very familiar with the HttpClient code, maybe there's a "cleaner"
> solution for this or it maybreak other things I am not aware of, but it works
> in our test cases.
> The Wireshark sequence then becomes:
> 174 4.457754000 192.168.85.96 192.168.85.236 HTTP 212
> CONNECT marjory-ttkf.ttsdev.de:443 HTTP/1.1
> 176 4.458258000 192.168.85.236 192.168.85.96 HTTP 1436
> HTTP/1.0 407 Proxy Authentication Required (text/html)
> 198 4.513611000 192.168.85.96 192.168.85.236 HTTP 296
> CONNECT marjory-ttkf.ttsdev.de:443 HTTP/1.1 , NTLMSSP_NEGOTIATE
> 200 4.519928000 192.168.85.236 192.168.85.96 HTTP 1436
> HTTP/1.0 407 Proxy Authentication Required , NTLMSSP_CHALLENGE (text/html)
> 202 4.545414000 192.168.85.96 192.168.85.236 HTTP 504
> CONNECT marjory-ttkf.ttsdev.de:443 HTTP/1.1 , NTLMSSP_AUTH, User:
> TEAMTRAINING\FruesmerRe
> 224 4.606172000 192.168.85.236 192.168.85.96 HTTP 93
> HTTP/1.0 200 Connection established
> And continuing happily ....
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
