Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow use of CONNECT tunneling for unencrypted requests #37690

Open
NicolasDorier opened this issue Jun 10, 2020 · 6 comments
Open

Allow use of CONNECT tunneling for unencrypted requests #37690

NicolasDorier opened this issue Jun 10, 2020 · 6 comments
Labels
area-System.Net.Http
Milestone
Future

Comments

@NicolasDorier
Copy link

NicolasDorier commented Jun 10, 2020
edited
Loading

I need to create a secure tunnel with HTTP uri, but the HttpConnection only create a tunnel if this the destination is secure, or websocket IsNonSecureWebSocketScheme.

The reason I need it, is that I want to use a Socksv5 HTTP proxy (HTTPTunnelPort on Tor) to access onion website through the HttpClient. Onion website starts by http, but are indeed secure and the HTTP Proxy of Tor only support tunneling.

Our current workaround hack is to code our own HTTP Socks proxy implementation in C#, which does not handle lot's of edge cases in HTTP.
@Dotnet-GitSync-Bot Dotnet-GitSync-Bot added area-System.Net.Http untriaged New issue has not been triaged by the area owner labels Jun 10, 2020
@ghost
Copy link

ghost commented Jun 10, 2020

Tagging subscribers to this area: @dotnet/ncl
Notify danmosemsft if you want to be subscribed.

@NicolasDorier NicolasDorier mentioned this issue Jun 10, 2020
Closed
@scalablecory
Copy link
Contributor

HttpClient will proxy non-secure requests, but only via an HTTP proxy, not a SOCKS proxy. If you're using a HTTP proxy and it's not working for you, can you please supply some code so we can see your usage?

Beyond HTTP proxies, we have an outstanding issue for SOCKS proxy support in #17740, and for HTTPS proxy support in #31113.

Additionally, we'll have a lot more flexibility around this (so you can easily plug in whatever transport you'd like) with #1793.

@NicolasDorier
Copy link
Author

NicolasDorier commented Jun 17, 2020
edited
Loading

@scalablecory HttpClient is proxying HTTP request, the only problem is that it is not creating tunnel for it.

If you proxy to HTTPS or web socket, the first message to the proxy is CONNECT.
If you proxy HTTP, it is GET/POST. TOR HTTP proxy does not support anything else than CONNECT.

I am happy to see direct SOCKS support being worked on though.

@NicolasDorier
Copy link
Author

I am excited about the work at #1793 . I hope the flexibility provided will be enough for my use case.

@scalablecory
Copy link
Contributor

scalablecory commented Jun 17, 2020
edited
Loading

Gotcha.

Typically the form "GET http://foo.com" is used for unencrypted requests (this allows for more efficient connection pooling) and "CONNECT foo.com" is used for encrypted requests.

The ask, then, would be to make this selectable. #1793 would allow a CONNECT tunnel to be used, though we might want to add an option to SocketsHttpHandler directly -- will leave this issue open to see if there's more interest.

@scalablecory scalablecory changed the title Unable to force proxy tunnelling with HttpClient Allow use of CONNECT tunneling for unencrypted requests Jun 17, 2020
@scalablecory scalablecory removed the untriaged New issue has not been triaged by the area owner label Jun 17, 2020
@scalablecory scalablecory added this to the Future milestone Jun 17, 2020
@NicolasDorier
Copy link
Author

Awesome, I am looking forward! Will keep using my home grown proxy for now.

@joelverhagen joelverhagen mentioned this issue May 21, 2021
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area-System.Net.Http
Projects
None yet
Milestone
Future
Development

No branches or pull requests
3 participants
@NicolasDorier @scalablecory @Dotnet-GitSync-Bot