On Mon, 15 Feb 2010 09:45:27 -0500, Bill Stephens <grapeguy@xxxxxxxxx> wrote: > All, > > My institution has a proxy.pac configuration that proxies HTTP traffic > but not HTTPS. This works fine in a browser. When I try to configure > Java to use the proxy it will connect to HTTP URLs just fine and barf > on HTTPS because the proxy changes the protocol on secure requests to > HTTP and our Web Services do not like that. A badly broken proxy by the sounds of it. > > Can a Squid proxy be configured as follows? > 1. HTTP traffic: forward to existing proxy > 2. HTTPS traffic: direct connect This is a Java problem at the core. It sounds like your Java can't interpret PAC files. See about fixing that first, a version of Java that can do HTTP stuff properly may come with a lot of other useful fixes. HTTPS was designed specifically to prevent man-in-middle attacks such as interception proxies. You require administrative control over the domains being visited or the client computers doing the connecting to get around the security errors thrown up by HTTPS. You will also require Squid-3.1 sslbump feature probably. Your best bet though is getting the broken proxy fixed or replaced with something that knows HTTP. Amos
