Re: [jetty-dev] Can Jetty ProxyServlet handle HTTPS?`

[Greg Wilkins <gregw@xxxxxxxxxxx>]

Gilles,

there are two type of proxies: client configured and transparent.

For client configured proxies, HTTPS connections will be converted to a CONNECT request by the client and an end to end TLS channel created before any requests are sent.

For a transparent proxy, it is the server that decides to proxy the request and it can do so equally for http and https.  The TLS connection will be terminated on the proxy server, so it must be able to provide the certificate for the origin server (or be the origin server).  If the outgoing link is to be TLS, it is a different TLS session and the proxy is a man-in-the-middle.

ProxyServlet can definitely be used in this mode.

cheers

On 29 August 2014 05:54, Gilles Ducret <gilles.ducret@xxxxxxxxx> wrote:

Hi,

I am asking this question because all the examples I have seen recommand to use a ConnectHandler to manage https connect, and hence https traffic.

By reading the code I understand that this handler creates a socket connection between the client and the server and that all the traffic then goes through this socket.

This means that the ConnectHandler acts as a proxy for https.

I have debugged a lot and noticed that ConnectHandler proxies all the https traffic and ProxyServlet proxies all the http traffic.

Is that correct?

Else how can I proxy the https traffic with a ProxyServlet?

Thanks

Gilles

_______________________________________________
jetty-dev mailing list
jetty-dev@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/jetty-dev