[
https://issues.apache.org/jira/browse/HTTPCLIENT-2401?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18029888#comment-18029888
]
Lakatos Gyula edited comment on HTTPCLIENT-2401 at 10/14/25 8:24 PM:
---------------------------------------------------------------------
[~olegk]
Unfortunately, as far as I can see, the proxy details are not being logged.
{code:java}
2025-10-14 20:16:40,135 DEBUG [main][org.apache.hc.client5.http.headers] http-outgoing-0 >> Upgrade: TLS/1.2
2025-10-14 20:16:40,135 DEBUG [main][org.apache.hc.client5.http.headers] http-outgoing-0 >> Connection: Upgrade
{code}
The TLS upgrade initiated by the client when opening a connection to the proxy
is highly unexpected.
{code:java}
2025-10-14 20:16:40,212 DEBUG [main][org.apache.hc.client5.http.impl.io.PoolingHttpClientConnectionManager] ep-0000000001 connection released [route: {}->http://proxy.scrape.do:8080->[http://crawler-test.com:80]][total available: 0; route allocated: 0 of 5; total allocated: 0 of 25]
{code}
For me, it seems that the client wants to use TLS to open the requests to the
proxy provider:
{code:java}
http://proxy.scrape.do:8080
{code}
For which there is no reason? Most proxies don't support opening the initial
connection over TLS. I'm sure some of them do end-to-end TLS, but making that
the default option is a bit wild, especially when I stated "http" for both
endpoints (proxy & target).
I'm evaluating HTTP clients for new feature development, and I observed this
way of working only with Apache HttpClient (1 out of 4 clients).
> RequestUpgrade interceptor tries to upgrade the connection when using proxies
> -----------------------------------------------------------------------------
>
> Key: HTTPCLIENT-2401
> URL: https://issues.apache.org/jira/browse/HTTPCLIENT-2401
> Project: HttpComponents HttpClient
> Issue Type: Bug
> Components: HttpClient (classic)
> Affects Versions: 5.5.1
> Reporter: Lakatos Gyula
> Priority: Minor
> Time Spent: 10m
> Remaining Estimate: 0h
>
> The {{RequestUpgrade}} interceptor tries to upgrade the connection to TLS 1.2
> when proxies are being used. Most proxies don't support HTTPS connections,
> only HTTP tunneling (via {{CONNECT}}).
> Here is a trivial example that reproduces the error:
> {code:java}
> package com.example.proxy.apachehttpclient5;
>
> import org.apache.hc.client5.http.classic.methods.HttpGet;
> import org.apache.hc.client5.http.impl.classic.CloseableHttpClient;
> import org.apache.hc.client5.http.impl.classic.HttpClients;
> import org.apache.hc.core5.http.HttpHost;
> import org.apache.hc.core5.http.io.entity.EntityUtils;
>
> import java.io.IOException;
>
> public class Main {
>     public static void main(String[] args) throws IOException {
>         // Client with default settings, routed through a plain-HTTP proxy
>         try (final CloseableHttpClient httpclient = HttpClients.custom()
>                 .setProxy(new HttpHost("proxy.scrape.do", 8080))
>                 .build()) {
>             final HttpGet request = new HttpGet("http://crawler-test.com/");
>             request.setHeader("Proxy-Authorization", "Basic xyz");
>             // Read the whole response body as a string
>             String responseContent = httpclient.execute(request, response ->
>                     EntityUtils.toString(response.getEntity()));
>             System.out.println(responseContent);
>         }
>     }
> }
> {code}
> The proxy service returns with a 400 Bad Request.
> As a workaround, the logic in the {{RequestUpgrade}} interceptor can be
> disabled with a {{RequestConfig}} that sets {{protocolUpgradeEnabled}} to
> false. However, I think the default behavior is still incorrect in this case
> and is highly unexpected. It took me a significant amount of digging around
> to figure out what's going on in the background.
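The workaround named in the issue description, written out as an added example (not code from the report or from the HttpClient project): the reproducer's client with {{protocolUpgradeEnabled}} set to false through a default {{RequestConfig}}. The guard interceptor and the class name {{ProxyWithoutUpgrade}} are assumptions added here, and the guard assumes interceptors registered with {{addRequestInterceptorLast}} run after the built-in ones.

```java
import org.apache.hc.client5.http.classic.methods.HttpGet;
import org.apache.hc.client5.http.config.RequestConfig;
import org.apache.hc.client5.http.impl.classic.CloseableHttpClient;
import org.apache.hc.client5.http.impl.classic.HttpClients;
import org.apache.hc.core5.http.HttpHeaders;
import org.apache.hc.core5.http.HttpHost;
import org.apache.hc.core5.http.HttpRequestInterceptor;
import org.apache.hc.core5.http.io.entity.EntityUtils;

import java.io.IOException;

public class ProxyWithoutUpgrade {
    public static void main(String[] args) throws IOException {
        // Workaround from the report: switch off the RequestUpgrade logic
        // so no "Upgrade: TLS/1.2" / "Connection: Upgrade" headers are sent.
        RequestConfig noUpgrade = RequestConfig.custom()
                .setProtocolUpgradeEnabled(false)
                .build();

        // Added guard (assumption, not part of the report): fail fast if an
        // Upgrade header is still present once the built-in interceptors ran,
        // e.g. because a per-request config re-enabled the upgrade.
        HttpRequestInterceptor assertNoUpgrade = (request, entity, context) -> {
            if (request.containsHeader(HttpHeaders.UPGRADE)) {
                throw new IllegalStateException(
                        "Unexpected Upgrade header on proxied request " + request.getRequestUri());
            }
        };

        try (CloseableHttpClient httpclient = HttpClients.custom()
                .setProxy(new HttpHost("proxy.scrape.do", 8080))
                .setDefaultRequestConfig(noUpgrade)
                .addRequestInterceptorLast(assertNoUpgrade)
                .build()) {
            HttpGet request = new HttpGet("http://crawler-test.com/");
            // Placeholder credential, as in the report's reproducer
            request.setHeader("Proxy-Authorization", "Basic xyz");
            // Return the status code with the body so a 400 from the proxy is visible
            String result = httpclient.execute(request, response ->
                    response.getCode() + "\n" + EntityUtils.toString(response.getEntity()));
            System.out.println(result);
        }
    }
}
```

A {{RequestConfig}} set on an individual request replaces the client default, so any per-request config has to carry the same setting.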