[
https://issues.apache.org/jira/browse/HTTPCLIENT-2401?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18030010#comment-18030010
]
Oleg Kalnichevski commented on HTTPCLIENT-2401:
-----------------------------------------------
> shouldn’t we suppress Upgrade: TLS/1.2 on proxied clear-text hops and only
> attempt it on direct http connections?
[~abernal] Why should we do that?
Oleg
> RequestUpgrade interceptor tries to upgrade the connection when using proxies
> -----------------------------------------------------------------------------
>
> Key: HTTPCLIENT-2401
> URL: https://issues.apache.org/jira/browse/HTTPCLIENT-2401
> Project: HttpComponents HttpClient
> Issue Type: Bug
> Components: HttpClient (classic)
> Affects Versions: 5.5.1
> Reporter: Lakatos Gyula
> Priority: Minor
> Time Spent: 10m
> Remaining Estimate: 0h
>
> The {{RequestUpgrade}} interceptor tries to upgrade the connection to TLS 1.2
> when proxies are being used. Most proxies don't support HTTPS connections,
> only HTTP tunneling (via {{{}CONNECT{}}}).
> Here is a trivial example that reproduces the error:
> {code:java}
> package com.example.proxy.apachehttpclient5;
> import org.apache.hc.client5.http.classic.methods.HttpGet;
> import org.apache.hc.client5.http.impl.classic.CloseableHttpClient;
> import org.apache.hc.client5.http.impl.classic.HttpClients;
> import org.apache.hc.core5.http.HttpHost;
> import org.apache.hc.core5.http.io.entity.EntityUtils;
> import java.io.IOException;
> public class Main {
> public static void main(String[] args) throws IOException {
> try (final CloseableHttpClient httpclient = HttpClients.custom()
> .setProxy(new HttpHost("proxy.scrape.do", 8080))
> .build()) {
> final HttpGet request = new HttpGet("http://crawler-test.com/";);
> request.setHeader("Proxy-Authorization", "Basic xyz");
> String responseContent = httpclient.execute(request, response ->
> EntityUtils.toString(response.getEntity()));
> System.out.println(responseContent);
> }
> } {code}
> The proxy service returns with a 400 Bad Request.
> As a workaround, the logic in the {{RequestUpgrade}} interceptor can be
> disabled with a {{RequestConfig}} that sets {{protocolUpgradeEnabled}} to
> false. However, I think the default behavior is still incorrect in this case
> and is highly unexpected. It took me a significant amount of digging around
> to figure out what's going on in the background.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
