On Sunday, October 13, 2013 1:32:36 PM UTC+4, Rong Tang wrote:
>
>
> Thanks a lot for your reply!
> On Friday, October 11, 2013 7:27:12 AM UTC-4, Alex Kocharin wrote:
>>
>>
>> Do you develop both the client and the server? Because raw duplex stream
>> after http handshake is something I never heard before. Maybe you'll get
>> better luck encapsulating tls to websocket connection or something.
>>
>
> Isn't the https proxies handling "CONNECT" requests in this way?
>
Oh, yes... maybe. I didn't use forward HTTP proxies for so much time so I
forget that CONNECT method even exists, because reverse proxies don't have
that.
> Usually such a proxy will forward the duplex stream to some remote server,
> but in my case I need to give control to another local tls module,
> hopefully without excessive copying overhead.
>
If I'd have to implement that, I'll probably go with good old 'net' server
and custom-made HTTP parser proxying all data to another port, and TLS
server can listen on another port as usual. This will at least work with
any version of node, but can be bad for performance.
It's a funny idea though to create 2 HTTP streams with chunked encoding and
>> use it like a one duplex stream, lol, I wanna try that.
>>
>> What are you developing anyway?
>>
>> I need to bypass a firewall which only allow http traffic on port 80. I'm
> trying to encapsulate raw tcp streams into tls, and tunnel it by add
> "CONNECT" heads, so it will go through the firewall. After go through the
> wall, nodejs httpserver can rip off the "CONNECT" part, and hand it over to
> the tls module for further decryption. Any suggestion on how to do this?
>
Are you sure your firewall won't refuse CONNECT method? If they reject 443
port, it means they don't care about HTTPS, which means they might allow
only GET and POST methods.
>
>
>> On Thursday, October 10, 2013 5:52:10 AM UTC+4, Rong Tang wrote:
>>>
>>> Hello,
>>>
>>> I'm trying to setup up a tcp server that handles http request most of
>>> the time, but sometimes need to setup up a tls session with the client
>>> after some http header exchange. I know I can setup a tls.server listening
>>> on another port, and forward the client socket to that port, but the IPC is
>>> needed and the data need to be copied back and forth.
>>>
>>> To put it differently, I'm looking for a TLS transform stream, similar
>>> to zlib stream or crypto streams, but I don't know how to, and don't wish
>>> to, handle those client/server hello stuff manully.
>>>
>>> I check about the net.Server.listen module, it says "The handle object
>>> can be set to either a server or socket (anything with an underlying
>>> _handle member), or a {fd: <n>} object. ". So, can I use the tls.server
>>> to listening on a duplex stream instead of a port, so the client socket can
>>> be piped without involving any IPC?
>>>
>>> Cheers,
>>> Rong
>>>
>>
--
--
Job Board: http://jobs.nodejs.org/
Posting guidelines:
https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines
You received this message because you are subscribed to the Google
Groups "nodejs" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/nodejs?hl=en?hl=en
---
You received this message because you are subscribed to the Google Groups
"nodejs" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/groups/opt_out.
