
Re: [cinjug-users] Java Browser -- proxy, authentication, and https

To: "Hudson, Loren (GE Infra, Aviation, Non-GE, US)" <loren.hudson@xxxxxx>
Subject: Re: [cinjug-users] Java Browser -- proxy, authentication, and https
From: "Eric Bardes" <ericbardes@xxxxxxxxx>
Date: Wed, 12 Sep 2007 14:02:26 -0400
Cc: users@xxxxxxxxxx
Delivered-to: mailing list users@xxxxxxxxxx
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; bh=YiZlDGBhXUXtTKuodez57A6UKGmEtarEsqMLSXyhPy8=; b=rkPgesF+Hs5EUZKmDnuN3eyDJ45ZJCIZXcy6HlmhE/nRiJfXInY2T1+hzrKbd+EY3GGF0TPyskLiBiZ9bk9pPKswdFK40d2JPcq2IuN1y389XOKq+EEqjCnJLjXI6VHQpbNs1yRlmxeRU0OjuyCx/9jtJA4/KKwP/QYAeyCpYBA=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=QdgadIwhQ4rF7G7AoCj2eJG4BpGui+B98T/OGILR2vd5BviSzdr5FK5fkcg38Gn8sYscxQt+v+RRh9A9CBq1SPJ7xHo2VCrCAt1RIIjy8Zdu0zCj2YoCChvDOBi7ZzH8PMJG+DVhkm9SjqnHtaaE5WJ9/yh38CDPdbmPffi0gcQ=
In-reply-to: <0BE974242D712B4B86B49792A69D789C02C37D11@xxxxxxxxxxxxxxxxxxxxxxxx>
Mailing-list: contact users-help@xxxxxxxxxx; run by ezmlm
References: <46D77CD3.8000705@xxxxxxxxxxx> <0BE974242D712B4B86B49792A69D789C02C37D11@xxxxxxxxxxxxxxxxxxxxxxxx>
There is a post about using the Apache Commons library which I must
agree with.  So unless there are specific policy restrictions against
using it, I would.

SSL introduces some new problems.  One of the goals of SSL in addition
to encrypting the data is to validate the remote endpoint of a
connection.  The remote endpoint sends a certificate to the browser
which validates the certificate against a hard-coded list of
certificate agencies distributed with the browser.

When you connect through a proxy server, the proxy server must have a
mechanism that does not interfere with the SSL session; otherwise SSL
cannot be used to validate the endpoint, and SSL would not be able to
protect the data transport.

Most proxy servers add an HTTP method called CONNECT in addition to
GET and POST.  The first part of the connection is done non-SSL and
the second part is then SSL.  The web browser connects to the proxy
server in the clear and sends a request to the proxy server something
like:

CONNECT https://www.ecommerce.com:443/purchase HTTP/1.0
Proxy-Authorization: <AUTH-STRING>

The proxy server parses the HTTP headers and then has to provide a
transparent connection between the browser (which switches to SSL at
this point) and the remote site specified in the header.

-- 
Cheers,
Eric Bardes
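The CONNECT exchange described in the post above, as an added example in Python (not code from the original post or from any Java browser project): the client builds the clear-text CONNECT request with a Basic Proxy-Authorization header, the proxy parses the request line and headers and either opens the tunnel or rejects the request, and only after the 200 reply does the client start TLS through the tunnel, with the certificate checked against the origin host rather than the proxy. The host name, credentials and the in-process socket pair used to play both sides are constructed values; the parser accepts only the host:port authority form that RFC 7231 defines for CONNECT, and the TLS upgrade is shown but not exercised because no origin server is present.

```python
import base64
import hmac
import socket
import ssl
from typing import Optional, Tuple

# Constructed example values (not from the original post).
PROXY_USER = "alice"
PROXY_PASS = "s3cret"
ORIGIN_HOST = "www.ecommerce.com"
ORIGIN_PORT = 443


def build_connect_request(host: str, port: int, user: Optional[str] = None,
                          password: Optional[str] = None) -> bytes:
    """Client side: the clear-text request the browser sends to the proxy.

    The request-target of CONNECT is authority-form (host:port), not a URL;
    the proxy learns only where to open a TCP connection, nothing about
    the HTTPS request that will later travel inside the tunnel.
    """
    lines = [f"CONNECT {host}:{port} HTTP/1.1", f"Host: {host}:{port}"]
    if user is not None:
        token = base64.b64encode(f"{user}:{password}".encode()).decode()
        lines.append(f"Proxy-Authorization: Basic {token}")
    return ("\r\n".join(lines) + "\r\n\r\n").encode()


def parse_connect_request(raw: bytes,
                          expected_creds: Tuple[str, str]) -> Tuple[int, str]:
    """Proxy side: parse the request line and headers and check credentials.

    Returns (status_code, reason).  Everything after the 200 reply is opaque
    TLS traffic that the proxy must relay byte-for-byte without inspection.
    """
    head, _, _ = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or parts[0] != "CONNECT" or not parts[2].startswith("HTTP/"):
        return 400, "Bad Request"
    host, sep, port = parts[1].rpartition(":")
    if not sep or not host or not port.isdigit() or "/" in parts[1]:
        return 400, "Bad Request"  # a URL-form target is not valid for CONNECT
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    scheme, _, token = headers.get("proxy-authorization", "").partition(" ")
    if scheme.lower() != "basic" or not token:
        return 407, "Proxy Authentication Required"
    try:
        user, _, password = base64.b64decode(token).decode().partition(":")
    except Exception:  # malformed base64 or non-UTF-8 credentials
        return 407, "Proxy Authentication Required"
    # Constant-time comparison so timing does not leak how much matched.
    ok = (hmac.compare_digest(user.encode(), expected_creds[0].encode())
          and hmac.compare_digest(password.encode(), expected_creds[1].encode()))
    if not ok:
        return 407, "Proxy Authentication Required"
    return 200, "Connection established"


def run_handshake(user: Optional[str], password: Optional[str]) -> int:
    """Play the clear-text half of the exchange over an in-process socket pair
    and return the status code the client sees from the proxy."""
    client, proxy = socket.socketpair()
    try:
        client.sendall(build_connect_request(ORIGIN_HOST, ORIGIN_PORT, user, password))
        status, reason = parse_connect_request(proxy.recv(4096), (PROXY_USER, PROXY_PASS))
        proxy.sendall(f"HTTP/1.1 {status} {reason}\r\n\r\n".encode())
        reply = client.recv(4096).decode("iso-8859-1")
        return int(reply.split(" ")[1])
    finally:
        client.close()
        proxy.close()


def upgrade_to_tls(sock: socket.socket, origin_host: str) -> ssl.SSLSocket:
    """Client side, after the 200 reply: start TLS *through* the tunnel.

    server_hostname is the origin, not the proxy, so the certificate the
    remote endpoint presents is validated against the site the user asked
    for; the proxy never sees the session keys or the plaintext.
    """
    ctx = ssl.create_default_context()  # verifies the chain and the host name
    return ctx.wrap_socket(sock, server_hostname=origin_host)


if __name__ == "__main__":
    print("valid credentials   ->", run_handshake(PROXY_USER, PROXY_PASS))
    print("wrong password      ->", run_handshake(PROXY_USER, "wrong"))
    print("no Proxy-Authorization ->", run_handshake(None, None))
```

With valid credentials the proxy answers 200 and the client would then call `upgrade_to_tls` on the same socket; a wrong or missing Proxy-Authorization header yields 407 before any tunnel is opened, and a request whose target is a full URL rather than host:port is rejected with 400.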
