jumaris / sshtunnel

Automatically exported from code.google.com/p/sshtunnel
GNU General Public License v3.0
1 stars 0 forks source link

Support SPDY Proxy (aka SSL Proxy, Secure Proxy, etc) #131

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
Chrome has already implemented it. So the codes should be all open now.

http://dev.chromium.org/developers/design-documents/secure-web-proxy

Original issue reported on code.google.com by peter.k....@gmail.com on 6 Jul 2012 at 6:29

GoogleCodeExporter commented 9 years ago
Why do you want SSH tunnel to support SSL proxy? You already have a secure 
tunnel set up - all you get is encrypting the traffic between the application 
and the local tunnel.

Is it a security issue (other local applications may be sniffing my local 
traffic) or have you confused what the difference between an SSH tunnel and a 
proxy is?

Original comment by anders.k...@gmail.com on 10 Jul 2012 at 7:03

GoogleCodeExporter commented 9 years ago
The web traffic to the proxy server occurs intermittently (especially if you 
filter the traffic with a pac file), while the SSH tunnel has to be maintained 
at all the time.

With a https proxy, the SSL tunnel is created only one request before the web 
traffic (http/https). The http/https traffic travels inside the SSL packet.

On a mobile device, the second approach may be more desirable.

Original comment by peter.k....@gmail.com on 10 Jul 2012 at 7:18

GoogleCodeExporter commented 9 years ago

Original comment by max.c...@gmail.com on 14 Aug 2012 at 2:07

GoogleCodeExporter commented 9 years ago
Just want to add another word.

I just noticed that SSHTunnel supports a remote Socks proxy (as opposed to the 
local Socks proxy opened by ssh). 

According to the feedbacks, how often does the connection get RST by GFW?  I 
guess it is a real issue, as I see there are some people working on projects 
that encrypt the Socks traffic, e.g. https://github.com/clowwindy/shadowsocks .

The idea of my original proposal is probably better complained in the last 
section of the following webpage,  http://wiki.squid-cache.org/Features/HTTPS

It is possible to encrypte the plain-text http traffic to the proxy server. 
There are several implementation on the server side, but there is still lacking 
one for the Android client.

Original comment by peter.k....@gmail.com on 13 Oct 2012 at 5:59