api-gateway: SSLHandshakeException using a Proxy Config
See:
https://groups.google.com/forum/#!topic/membrane-monitor/Q53ewuB6ZFg
Hi,
More news today. I’ve try to make a test with a java core batch in the same context (same server, same proxy…) :
public static void main(String[] args) throws Exception {
CloseableHttpClient httpclient = HttpClients.createDefault();
try {
HttpHost target = new HttpHost("www.google.de", 443, "https");
HttpHost proxy = new HttpHost("gateway.xxxx.zzzzz.net", 80, "http");
RequestConfig config = RequestConfig.custom().setProxy(proxy).build();
HttpGet request = new HttpGet("/");
request.setConfig(config);
CloseableHttpResponse response = httpclient.execute(target, request);
try {
System.out.println(response.getStatusLine());
EntityUtils.consume(response.getEntity());
}
}
}
–> It’s work : HTTP/1.1 200 OK
If I switch “http” by “https” in this line
HttpHost proxy = new HttpHost("gateway.xxxx.zzzzz.net", 80, "https");
I get the same error than with membrane :
Exception in thread "main" javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake [...]
–> It’s sounds like membrane try to access to my proxy server with HTTPS protocol instead HTTP.
Do you know how can I force membrane to access to my proxy with HTTP protocol ?
Best Regards.
About this issue
- Original URL
- State: closed
- Created 10 years ago
- Comments: 17 (6 by maintainers)
Commits related to this issue
- added source code license and notice, see #145 — committed to membrane/api-gateway by rrayst 8 years ago
Hi @saraivamarco . Sorry, the homepage hasn’t been updated yet. You can find the release on https://github.com/membrane/service-proxy/releases/tag/v4.2.3 .
Change set looks good to me. You may need to consider the copy right block in this https://docs.oracle.com/javase/7/docs/technotes/guides/security/jsse/samples/sockets/client/SSLSocketClientWithTunneling.java
It’s open source but it should have a proper reference for the doTunnelHankshake function.
I went ahead and implemented the proposed fix above, which is working for me in a client’s locked down corporate network. Attached is git diff/patch file with the changes.
enable_ssl_via_proxy_connect.diff.zip
To enable the ssl proxy just have a proxy element in your HttpClientConfig element and/or include the username / password / authentication=true to enable authentication to the proxy for both http and https sessions.