Pros and cons of using a Http proxy v/s https proxy?
The JVM allows proxy properties http.proxyHost and http.proxyPort for specifying a HTTP proxy server and https.proxyHost and https.proxyPort for specifying a HTTPS proxy ser
-
There are no pros or cons. And there are no "HTTPS proxy" server.
You can tell the protocol handlers which proxy server to use for different protocols. This can be done for
http,https,ftpandsocks. Not more and not less.I can't tell you if you should use a different proxy for https connections or not. It depends. I can only explain the difference of an http and https request to a proxy.
Since the HTTP Proxy (or web proxy) understands
HTTP(hence the name), the client can just send the request to the proxy server instead of the actual destenation. This does not work forHTTPS. This is because the proxy can't make the TLS handshake, which happens at first. Therefore the client must send aCONNECTrequest to the proxy. The proxy establishes a TCP connection and just sends the packages forth and back without touching them. So the TLS handshake happens between the client and destenation. The HTTP proxy server does not see everything and does not validate destenation servers certificate whatsoever.There can be some confusion with this whole http, https, proxy thing. It is possible to connect to a HTTP proxy with https. In this case, the communication between the client and the proxy is encrypted.
There are also so called
TLS terminatingorinterceptionproxy servers like Squid's SSL Peek and Splice or burp, which see everything. But this should not work out of the box, because the proxy uses own certificates which are not signed by trusted CAs.References
- https://docs.oracle.com/javase/8/docs/technotes/guides/net/proxies.html
- https://parsiya.net/blog/2016-07-28-thick-client-proxying---part-6-how-https-proxies-work/
- http://dev.chromium.org/developers/design-documents/secure-web-proxy
- https://tools.ietf.org/html/rfc2817#section-5
- https://tools.ietf.org/html/rfc7231#section-4.3.6
加载中...
- 热议问题