-
Notifications
You must be signed in to change notification settings - Fork 224
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support for https proxies in Tendermint RPC #819
Comments
So just to clarify here, is this TLS proxy transparent? i.e. it's not an HTTP proxy, but a TLS/TCP proxy? |
HTTP CONNECT proxies are effectively TCP proxies which piggyback on HTTP for initial setup which specifies the egress destination. They can be used for any TCP-based protocol. When an HTTPS (or other TLS) session is negotiated over them, they provide end-to-end encryption where the proxy sees only ciphertext. |
Some discussion I had with the team about this issue yesterday resulted in a little confusion for me wrt your use case. At the risk of being overly verbose, but for the sake of clarity, which of the following two types of proxies best describes your requirement right now?
I've already implemented (1), because it's low-hanging fruit and will be opening a PR for it shortly. Implementing (2) is a little more complicated because |
We're using an HTTP CONNECT proxy in a standard forward/egress proxy configuration. It also looks like |
During the stargate launch the earlier available RPC node was the cosmostation's node. I couldn't use it because it was behind an HTTPs proxy.
Tendermint RPC uses the Tendermint Address type which only takes TCP as a network protocol. As result the information to perform an HTTPS handshake on connection isn't passed to hyper when constructing a http connection.
It would be nice to be able to support https proxies.
I suggest we extend the Address type to natively support http and https.
The text was updated successfully, but these errors were encountered: