On 5/19/25 5:27 PM, Yann Ylavic wrote:
> On Mon, May 19, 2025 at 4:54 PM Stefan Eissing via dev
> <dev@httpd.apache.org> wrote:
>>
>>> Am 19.05.2025 um 16:46 schrieb Yann Ylavic <ylavic....@gmail.com>:
>>>
>>>
>>> Hm, r1912459 added this test to disable reuse for CONNECT connections
>>> to ProxyRemote, because I thought that CONNECT requests were not
>>> reusable.
>>
>> Hmm, what kind of CONNECT connections are reusable? The common use case is a
>> TLS tunnel, I think. It would not work to reuse that.
>
> I mean reusing the same TLS tunnel created with the target host
> through the RemoteProxy, pushing more data/requests to it as they
> come.
> I think it's no different than reusing a TLS connection to some direct
> backend, the same SSL* is used until it's shut down / closed (e.g.
> forward_info mismatch).
Maybe I am lost now, but when the client uses us as a forward proxy and does a
CONNECT to us the CONNECT to a remote proxy cannot
be used any longer once the client shuts down the connection to us.
It could work fine if the client uses a different HTTP method that requires us
to do a CONNECT to the remote proxy. In this case
we could reuse the connection provided that host and port fit.
Difference here is that in the first case we no insights in the traffic as it
is end to end encrypted while in the second case
we decrypt / encrypt the traffic on our side and have full insight into the
data that is flowing.
Regards
Rüdiger
