SSF through proxy: allow use of FQDN instead of IP

[Arno0x]

Hi,

Using:

• SSFC on Windows
• SSFS on Debian

When using SSF client with a proxy, the remote host is first resolved by SSF before the HTTP CONNECT is made to the proxy.

It seems to me that this behavior is wrong, or should be parametrized, because of the two following issues:

1. In corporate environment, it may happen that workstation are not allowed/able to perform name resolution for external FQDNs, as this is the role of the proxy in that case.
2. When using IP in the HTTP CONNECT method, it may happen (it actually happens to me) that the corporate proxy blocks connection to IPs instead of FQDN as a security measure.

When using a proxy, the name resolution of the remote host (SSF server) should be left on the proxy, or we should be able to control that behavior through a parameter or in the config file.

Is there any workaround I could use in the meantime ?

Thanks for the great work ! Arno

[securesocketfunneling]

Thanks for your report, bug spotted...

You are completely right about the behavior. We missed that point while adding the proxy layer and no workaround is possible... However, we are planning a light release to add some services configuration in a few weeks. A fix for this will definitely be part of it.

[securesocketfunneling]

2.2.0 binaries are out

This version should fix your issue. Do not hesitate to feedback us!

[Arno0x]

The bug is fixed in the sense SSFC doesn't use IP anymore when connecting to a proxy. Thanks for that !

However, I can't seem to make it work with my corporate proxy. But this is a different story.