On Wed, 22 Sep 2004, Martyn Bright wrote:
Interestingly, I have been tasked with evaluating a number of different proxies on both Windows and Linux. To date, the only one that has exhibited this https/auth/domain name stripping problem has been Squid. Does that mean that the others are effectively all using non persistent connections, or is Squid missing a trick somewhere?
Could be either.
What I know for certain is that this problem is a browser bug, not a Squid bug. And a quite serious one as it risks revealing personal details in plain text which was supposed to be SSL encrypted (credit card into etc, depending on what that https request contains).
But it is entirely possible the other proxies you tried all have workarounds for this browser bug, or that they did not use persistent connections, or otherwise manage to avoid triggering the browser bug.
Regards Henrik
