Issue #16482 has been updated by hsbt (Hiroshi SHIBATA). Assignee set to hsbt (Hiroshi SHIBATA) ---------------------------------------- Feature #16482: net/http should support TLS connection to proxies https://bugs.ruby-lang.org/issues/16482#change-109057 * Author: xformer (Frank Schwab) * Status: Closed * Assignee: hsbt (Hiroshi SHIBATA) ---------------------------------------- Right now net/http forces the user to use a clear text connection to a proxy. This massively reduces security as the user is forced to sent proxy authentication data in the clear. A proxy is specified in net/http like this: ``` proxy_addr = 'your.proxy.host' proxy_port = 8080 proxy_user = 'aProxyUser' proxy_pwd = 'aProxyPassword' Net::HTTP.new('example.com', nil, proxy_addr, proxy_port, proxy_user, proxy_pwd).start { |http| # always proxy via your.proxy.addr:8080, user 'aProxyUser', password 'aProxyPassword' } ``` There is no scheme present in the 'proxy_addr' variable. In the code of Net::HTTP::new the proxy connection is opened via a TCP socket, not via HTTP or HTTPS. As this considerably weakens security I would like to suggest that it should be made possible to specify that the connection to the proxy is done through a TLS connection. Maybe there could be a use_ssl parameter or the like. Note that this issue is not about the connection that is routed through the proxy but about the connection to the proxy itself. -- https://bugs.ruby-lang.org/