SSL CONNECT Http/1.0 incorrect

[shimpossible]

It seems the https proxy support is not HTTP/1.0 compliant, but
requires HTTP/1.1

To start a https connection one only should only need to send

CONNECT server.com:443 HTTP/1.0

But Fiddler seems to require

CONNECT server.com:443 HTTP/1.0
HOST: server.com:443


If HOST is left off, the connection is closed with no response.
Requiring HOST is for HTTP/1.1 and should only be needed if one
connects with

CONNECT server.com:443 HTTP/1.1

see: http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.23

[EricLaw]

All HTTP/1.0 clients SHOULD send a Host header.

Did you find one that doesn't?

[EricLaw]

Fixed in v2.2.0.9: https://www.fiddler2.com/dl/fiddler2alphasetup.exe

[shimpossible]

http://muffin.doit.org/docs/rfc/tunneling_ssl.html

no talk about HOST. Host is a http 1.1 header

[EricLaw]

Indeed, but that's not what I asked. I asked if there's any client
generating such traffic.

The general consensus is that the omission of the Host header
requirement was an error on the part of the HTTP/1.0 specification,
and later updates suggested that HTTP/1.0 clients SHOULD send it.

I believe SSL tunnelling is covered by RFC 2817.

> > > see:http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.23- Hide quoted text -
>
> - Show quoted text -

[shimpossible]

I misunderstood your 1st question.

And example client would be python There is an open issue to fix
support for SSL over proxies (as it wasnt support at all)
http://bugs.python.org/issue1424152

The fix for it will only sends CONNECT, and no host header
http://bugs.python.org/file11332/issue1424152-py26.diff

Suppose it would be easy to add in HOST to the fix it on pythons end
too.

> > > > see:http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.23-Hide quoted text -