Re: HTTP-Continue

From: Alan J. McFarlane (alanjmcf_at_yahoo.com)
Date: 05/15/03 

Date: Thu, 15 May 2003 13:54:17 +0100

Jonas Blunck <no_spam@spam.blunck.info> wrote:
> Hi all,
>
>
> I have an application that uses SSL when it communicates with a web
> server. Everything works as expected until I add a proxy in between.
> My app sends a CONNECT to the proxy, receives a successful 200 back,
> and then tries to initiate the SSL handshake.
>
>
> The problem starts when I send my client hello message to the server.
> On some proxies (such as Microsoft ISA Server), the proxy sends a
> HTTP Continue message to the web server.
>
I don't understand this. A proxy can't send a HTTP Response message (with
Status Code 100 Continue) to a server: the proxy is a client to the server
so can only send Request messages. Or do you mean that the proxy sends a
HTTP Request message to the server with a Continue Expectation?

Either would seem to be incorrect. As I understand it, the CONNECT should
create a opaque channel between the client and the (destination) server and
the proxy should not send interfere with it.

> The web server, for some reason, dislikes this message, drops the
> entire TCP connection and terminates the SSL handshake process (which
> never really started).
>
Is the connection to the server on port 443 or to port 80 then an UPGRADE is
carried out? With the later the server is fully within its rights to kill
the connection if the received data is not good SSL/TLS data.

> Now, why do some HTTP proxies send these messages when others don't?
> What does this message mean?
>
You need to clarify where this message is sent and what it exactly is, is it
definately a 100 rather that a 101 for instance. It seems broken to me at
the moment.

You might get even more useful help at e.g.
http://lists.w3.org/Archives/Public/ietf-http-wg/

Alan 

-- 
Alan J. McFarlane
http://homepage.ntlworld.com/alanjmcf/
Please follow-up in the newsgroup for the benefit of all.

Relevant Pages

  • IE 5.x SSL Through Proxy Server Issue
    ... The support for SSL through a proxy server was never implemented in the IE ... reusing a connection that has already been established (this is the ...
    (NT-Bugtraq)
  • Re: ISA Server Problems, please help
    ... Based on the rules you have listed, SecureNAT clients should only be allowed ... The All access rule for SBS Internet Users ... Web Proxy and/or Firewall Client ... > header to the publishing server instead of the actual one. ...
    (microsoft.public.windows.server.sbs)
  • RE: Simple ISA 2004 questions
    ... You'd better create a new GPO for IE proxy, ... Run "gpmc.msc" in SBS server, ... ISA Server 2004 Query can give you some help. ... In the Microsoft Internet Security and Acceleration Server 2004 console, ...
    (microsoft.public.windows.server.sbs)
  • Re: How to pass through a SSL connect by a http proxy?
    ... >>command to the proxy server on port 443, which will then set up a tunnel ... >>to the web server. ... >>the traffic in the tunnel is ssl or something else. ... If you want the Firewall to allow content filtering, ...
    (comp.security.misc)
  • Re: 0xc0040017 FWX_E_TCP_NOT_SYN_PACKET_DROPPED bei 2 Servern von 6
    ... Ich habe mir nun auf einem Server, der sich bei MS Updateservices bedienen konnte, WSUS installiert. ... Log Time Client IP Destination IP Destination Port Protocol Action Rule Client Username Source Network Destination Network HTTP Method URL Error Information HTTP Status Code Original Client IP Client Agent Authenticated Client Service Server Name Referring Server Destination Host Name Transport MIME Type Object Source Source Proxy Destination Proxy ... Connection Unrestricted Internet access anonymous Internal External HEAD ...
    (microsoft.public.de.german.isaserver)