
HTTP2 support + HTTPS Proxy

Open 0x192 opened this issue 8 months ago • 1 comments

When using BoltConn without root, the proxy can only be accessed without encryption.

It would be great to allow support for HTTPS:

```
me@host~> curl -4IL --proxy http://127.0.0.1:9961 https://example.com
HTTP/1.1 200 OK

HTTP/2 200
me@host~> curl -4IL --proxy https://127.0.0.1:9961 --cacert ~/.local/share/boltconn/cert/crt.pem https://example.com
curl: (35) TLS connect error: error:0A0000C6:SSL routines::packet length too long
```

Also, would HTTP2 support be hard to implement?

0x192, May 08 '25 13:05

I have updated the support for http2, so it should work now. Let me know if anything goes wrong.

As for a local HTTPS proxy, here are the reasons I don't want to support it:

  1. There is no standardized "https proxy". No RFC or any specs, so it could be difficult to have a good implementation.
  2. Few applications actually support an HTTP proxy with an additional TLS layer under it. And because of 1), there will foreseeably be many issues that are difficult to fix without actually using them.
  3. If you already connect to the destination server with HTTPS, the HTTP proxy will directly forward the TLS traffic without looking into the inner contents (with the CONNECT method to upgrade the connection). So if you think HTTPS traffic on a public network is already safe enough for your threat model, you can just use a normal HTTP proxy.

XOR-op, May 09 '25 03:05
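An added example, not part of the issue thread or of BoltConn's code, illustrating point 3 of the reply above: it parses a constructed client-to-proxy byte stream and reports what is readable on a plaintext proxy leg, namely the CONNECT target and the TLS record framing, while the record payloads stay opaque. The function name `inspect_client_stream` and the sample bytes are hypothetical.

```python
import struct

# TLS record content types (RFC 8446, section 5.1)
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}

def inspect_client_stream(stream: bytes) -> dict:
    """Report what is readable in the client-to-proxy bytes of a CONNECT tunnel."""
    head, sep, tunnel = stream.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete proxy request headers")
    request_line = head.split(b"\r\n", 1)[0].decode("ascii")
    method, target, _version = request_line.split(" ")
    if method != "CONNECT":
        raise ValueError("not a CONNECT request; plain HTTP is fully readable")
    host, _, port = target.rpartition(":")
    records, offset = [], 0
    # After the headers, the proxy only relays bytes. Each TLS record has a
    # 5-byte cleartext header: content type, legacy version, payload length.
    while offset + 5 <= len(tunnel):
        ctype, version, length = struct.unpack_from("!BHH", tunnel, offset)
        if ctype not in CONTENT_TYPES or version >> 8 != 3:
            raise ValueError(f"tunnel byte {offset} is not a TLS record header")
        if offset + 5 + length > len(tunnel):
            break  # capture ends mid-record
        records.append((CONTENT_TYPES[ctype], length))  # payload is never read
        offset += 5 + length
    return {"target_host": host, "target_port": int(port),
            "tls_records": records}

def _record(ctype: int, version: int, payload: bytes) -> bytes:
    """Build a constructed TLS record for the sample below."""
    return struct.pack("!BHH", ctype, version, len(payload)) + payload

# Constructed sample: a CONNECT request followed by two placeholder records
# (zero-filled payloads stand in for a ClientHello and encrypted data).
SAMPLE = (b"CONNECT example.com:443 HTTP/1.1\r\n"
          b"Host: example.com:443\r\n\r\n"
          + _record(22, 0x0301, bytes(200))
          + _record(23, 0x0303, bytes(64)))

if __name__ == "__main__":
    print(inspect_client_stream(SAMPLE))
```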