[Privoxy-users] Privoxy and HTTP/2

Fabian Keil fk at fabiankeil.de
Fri Dec 29 17:09:04 UTC 2017


Lampshade <lampshade at poczta.fm> wrote:

> You can do local MitM attack on TLS
> and configure it to route unencrypted traffic
> to privoxy, then encrypt it back and send
> to Internet.
> I have done that successfully in the past.

Letting Privoxy itself do the MitM attack is on the TODO
list and has been for a while:

| 16) Filter SSL encrypted content as well.
|
|    At the beginning we could use an unencrypted connection between
|    client and Privoxy, and use an encrypted connection between
|    Privoxy and the server.
|
|    This should be good enough for most of the content the
|    user would want to filter.
|
|    Interested donors: 2.

At the moment the Git migration has a higher priority
(we currently don't have a working version control system)
and I hope to be able to work on it again in January.

> Thus the original question.
> I would like to know whether unencrypted
> HTTP/2 would be parsed and manipulated
> by privoxy as HTTP 1.1 is.

Nope.

HTTP/2 is a binary protocol and Privoxy currently isn't
able to handle it at all (tunnelling with CONNECT works
of course).

From the TODO list:

| 121) Add HTTP/2 support. As a first step, incoming HTTP/1.x requests
|      should be translated to outgoing HTTP/2 requests where possible
|      (and if desired by the user).
|      Interested donors: 1.

As doing the MitM attack with external tools is painful to set up,
proper HTTP/2 support doesn't seem too useful to me without TLS/SSL
support in Privoxy itself. Few users would be able to use it.

I don't expect anyone to work on it until #16 is done which is
currently blocked by #54 (the git migration).

Personally I'm also not too impressed by HTTP/2 and would
like to see some unbiased benchmarks first that show that
it performs better than HTTP/1.1 in reasonable configurations.

There currently are a lot of other TODO list items that
look more useful to me (and require less work).

Fabian
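
What "binary protocol" means for a text-oriented filter, as an added example that is not part of the original message and not Privoxy code: it classifies the first bytes of a cleartext connection and walks the 9-byte HTTP/2 frame headers. The names `classify`, `parse_frames` and `frame` are hypothetical, and the sample byte strings are constructed.

```python
import struct

# Fixed 24-byte client connection preface from RFC 7540, section 3.5.
H2_PREFACE = b"PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n"
FRAME_TYPES = {0: "DATA", 1: "HEADERS", 2: "PRIORITY", 3: "RST_STREAM", 4: "SETTINGS",
               5: "PUSH_PROMISE", 6: "PING", 7: "GOAWAY", 8: "WINDOW_UPDATE", 9: "CONTINUATION"}
H1_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ", b"CONNECT ")


def classify(stream: bytes) -> str:
    """Classify the first bytes a client sends on a cleartext connection."""
    if stream.startswith(H2_PREFACE):
        return "h2-prior-knowledge"
    if stream.startswith(H1_METHODS):
        head = stream.split(b"\r\n\r\n", 1)[0].lower()
        for line in head.split(b"\r\n")[1:]:
            name, _, value = line.partition(b":")
            if name.strip() == b"upgrade" and b"h2c" in value:
                return "http/1.1-upgrade-h2c"
        return "http/1.x"
    return "unknown"


def parse_frames(stream: bytes):
    """Return (type, flags, stream_id, payload) for each complete HTTP/2 frame."""
    if not stream.startswith(H2_PREFACE):
        raise ValueError("not an HTTP/2 prior-knowledge stream")
    pos, frames = len(H2_PREFACE), []
    while pos + 9 <= len(stream):
        # 9-byte header: 24-bit length, 8-bit type, 8-bit flags, R bit + 31-bit stream id
        hi, lo, ftype, flags, sid = struct.unpack_from(">BHBBI", stream, pos)
        length = (hi << 16) | lo
        end = pos + 9 + length
        if end > len(stream):
            break  # truncated frame: wait for more data rather than guess
        frames.append((FRAME_TYPES.get(ftype, f"0x{ftype:02x}"), flags,
                       sid & 0x7FFFFFFF, stream[pos + 9:end]))
        pos = end
    return frames


def frame(ftype: int, flags: int, sid: int, payload: bytes) -> bytes:
    """Build one frame; used only to construct the sample below."""
    return struct.pack(">BHBBI", len(payload) >> 16, len(payload) & 0xFFFF, ftype, flags, sid) + payload

# Constructed sample: preface, empty SETTINGS, then HEADERS for "GET / over http".
# 0x82 0x86 0x84 are HPACK static-table indexes (RFC 7541), not readable header text.
SAMPLE_H2 = H2_PREFACE + frame(4, 0, 0, b"") + frame(1, 0x05, 1, bytes([0x82, 0x86, 0x84]))
SAMPLE_H1 = b"GET / HTTP/1.1\r\nHost: example.org\r\n\r\n"
```

The HEADERS payload in the sample is three bytes with no method, path or header name in readable form, so pattern matching written for HTTP/1.x request lines and header lines has nothing to match against.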