[tor-dev] Domain Fronting, Meek, Cloudflare, and Encrypted SNI...

Andreas Krey a.krey at gmx.de
Thu Oct 4 07:37:18 UTC 2018

On Wed, 03 Oct 2018 19:01:21 +0000, David Fifield wrote:
> And for that matter, why not a plain old HTTP CONNECT proxy?

Because the typical load balancer/forwarder would have to
decide whether to forward that CONNECT or do it itself,
and some other. CONNECT with a Host: header - I'm not
sure there is such a thing.

> That would
> be even more efficient. But we're limited to what the CDN supports. Most
> CDNs only support basic methods like GET and POST, not CONNECT or the
> special headers needed by WebSocket.

Yes. No. A quick search indicates that aws and azure are already
supporting it, although I'm unable to interpret whether that is
actually the respective product you are/were using.

But websockets are a relevant thing unlike CONNECT, so I do expect
all major players to implement that (and the components I know of
(haproxy, nginx, apache, golang) are there already).

- Andreas

"Totally trivial. Famous last words."
From: Linus Torvalds <torvalds@*.org>
Date: Fri, 22 Jan 2010 07:29:21 -0800

More information about the tor-dev mailing list