https://bz.apache.org/bugzilla/show_bug.cgi?id=57830

--- Comment #4 from Christopher Schultz <ch...@christopherschultz.net> ---
(In reply to Bill Barker from comment #3)
> That means that the "PROXY ..." line is encrypted
> over SSL/TLS just like everything else in the payload.  This in turn means
> that all of the code that is required to support this comes at the point of
> reading the initial request line and no special handling is required for
> SSL/TLS.

That's not my reading of this spec. The proxy prepends the header information
to the front of whatever the client is sending. The fact that the original
connection is encrypted is irrelevant. The PROXY protocol allows anything to be
tunneled, including non-encrypted configurations.

> It would be a huge security hole if the proxy was allowed to inject a plain
> text (for version 1) payload in front of the encrypted payload.

Why?

> Both of them would have to be encrypted if you are using an encrypted
> connection between the proxy and the receiver.

There is no requirement to encrypt the traffic between the proxy and the
receiver.

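The layering discussed in this comment, as an added example that is not part of the original message or of Tomcat's code: a receiver reads the plain-text PROXY v1 line first and passes the bytes after it on unchanged, whether they begin a TLS handshake or plain HTTP. The function names, sample addresses and sample byte strings are constructed for illustration.

```python
import ipaddress

MAX_V1_LEN = 107  # longest v1 line the PROXY protocol allows, CRLF included

def split_proxy_v1(data: bytes):
    """Return (proxy_info, remainder); proxy_info is None for 'PROXY UNKNOWN'."""
    if not data.startswith(b"PROXY "):
        raise ValueError("no PROXY v1 signature")
    end = data.find(b"\r\n", 0, MAX_V1_LEN)
    if end == -1:
        raise ValueError("header not terminated within 107 bytes")
    fields = data[:end].decode("ascii").split(" ")
    remainder = data[end + 2:]  # client bytes, returned untouched
    if fields[1] == "UNKNOWN":
        return None, remainder
    if len(fields) != 6 or fields[1] not in ("TCP4", "TCP6"):
        raise ValueError("malformed PROXY v1 line")
    version = 4 if fields[1] == "TCP4" else 6
    src, dst = (ipaddress.ip_address(f) for f in fields[2:4])
    if src.version != version or dst.version != version:
        raise ValueError("address family mismatch")
    if not all(f.isdigit() for f in fields[4:6]):
        raise ValueError("non-numeric port")
    sport, dport = (int(f) for f in fields[4:6])
    if max(sport, dport) > 65535:
        raise ValueError("port out of range")
    return {"src": (str(src), sport), "dst": (str(dst), dport)}, remainder

def looks_like_tls(remainder: bytes) -> bool:
    """True if the bytes after the header begin a TLS handshake record."""
    return remainder[:2] == b"\x16\x03"

# Constructed samples: the same header in front of a TLS record and of plain HTTP.
HEADER = b"PROXY TCP4 192.0.2.10 198.51.100.5 56324 443\r\n"
TLS_STREAM = HEADER + b"\x16\x03\x01\x02\x00\x01"  # start of a ClientHello record
HTTP_STREAM = HEADER + b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"

if __name__ == "__main__":
    for stream in (TLS_STREAM, HTTP_STREAM):
        info, rest = split_proxy_v1(stream)
        print(info, "TLS follows" if looks_like_tls(rest) else "plaintext follows")
```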