-
Bug
-
Resolution: Fixed
-
P3
-
7u40
-
b48
Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
---|---|---|---|---|---|---|
JDK-8084437 | emb-9 | Sean Coffey | P3 | Resolved | Fixed | team |
JDK-8086782 | 8u65 | Sean Coffey | P3 | Resolved | Fixed | b01 |
JDK-8071917 | 8u60 | Sean Coffey | P3 | Resolved | Fixed | b03 |
JDK-8138215 | emb-8u65 | Unassigned | P3 | Resolved | Fixed | b01 |
JDK-8076737 | emb-8u60 | Sean Coffey | P3 | Resolved | Fixed | team |
JDK-8071918 | 7u85 | Sean Coffey | P3 | Resolved | Fixed | b01 |
JDK-8072127 | 7u80 | Sean Coffey | P3 | Resolved | Fixed | b08 |
The connection supports tunneling HTTPS through an NTLM proxy.
The GUI uses a local copy of the Java JRE, and uses the HttpURLConnection class
The connection should use keep-alive by default since the client, proxy and server are all using HTTP/1.1. A single socket should be opened from the GUI and multiple HTTP requests should use the same socket.
Before Java 1.7.0_40, the HTTPS tunnel through the NTLM proxy would do NTLM authentication on the initial CONNECT request, but not on the following HTTP requests. The GUI would open a single socket and reuse it.
In Java 1.7.0_40 and all later JRE versions, including JRE for 1.7.0_72 and 1.8.0_20, each request results in the GUI sending a new CONNECT request to the proxy server, doing the NTLM authentication (successfully), and then creating a new tunnel and new socket to the server.
The problem this causes is that the requests take much longer because it has to create a new socket, and do the SSL handshake with the server. The request time for the second and subsequent requests should normally be around 100ms, but because of the problem, they take 3-4 seconds.
The HTTP headers between the GUI and the proxy servers appear identical in all the JRE versions, but the Java client's behavior is different.
The last good JRE is 1.7.0_25. All versions before that work also OK.
1.6.0_26
1.7.0.17
1.7.0_21
1.7.0_25
Tested all versions after that that were available for download, and none of them work.
1.7.0_40
1.7.0_45
1.7.0_51
1.7.0_67
1.7.0_71
1.7.0_72
1.8.0_20
- backported by
-
JDK-8071917 HTTP Tunnel connection to NTLM proxy reauthenticates instead of using keep-alive
-
- Resolved
-
-
JDK-8071918 HTTP Tunnel connection to NTLM proxy reauthenticates instead of using keep-alive
-
- Resolved
-
-
JDK-8072127 HTTP Tunnel connection to NTLM proxy reauthenticates instead of using keep-alive
-
- Resolved
-
-
JDK-8076737 HTTP Tunnel connection to NTLM proxy reauthenticates instead of using keep-alive
-
- Resolved
-
-
JDK-8084437 HTTP Tunnel connection to NTLM proxy reauthenticates instead of using keep-alive
-
- Resolved
-
-
JDK-8086782 HTTP Tunnel connection to NTLM proxy reauthenticates instead of using keep-alive
-
- Resolved
-
-
JDK-8138215 HTTP Tunnel connection to NTLM proxy reauthenticates instead of using keep-alive
-
- Resolved
-
- relates to
-
JDK-8009251 Add proxy handling and keep-alive fixes to jsse
-
- Closed
-
-
JDK-8166541 HTTPS requests with invalid proxy information do not use keep-alive
-
- Open
-