JDK-6973030 : NTLM proxy authentication fails with https
  • Type: Bug
  • Status: Closed
  • Resolution: Fixed
  • Component: core-libs
  • Sub-Component: java.net
  • Priority: P3
  • Affected Version: 6u14
  • OS: windows
  • CPU: x86
  • Submit Date: 2010-07-29
  • Updated Date: 2011-03-08
  • Resolved Date: 2011-03-08
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availabitlity Release.

To download the current JDK release, click here.
JDK 6 JDK 7
6u24-revFixed 7 b109Fixed
Description
When a client running under Java 32 bit, 1.6.0_14, tries to connect to a server via https, and the Internet traffic goes through a NTLM authenticating proxy, this will fails. The client is using java.net.HttpUrlConnection.

Comments
EVALUATION A fix is being planned for JDK 6.
2010-12-14

EVALUATION Changeset: 367b90ed38b1 Author: chegar Date: 2010-08-03 12:03 +0100 URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/367b90ed38b1 6973030: NTLM proxy authentication fails with https Reviewed-by: michaelm ! src/share/classes/sun/net/www/protocol/http/HttpURLConnection.java ! test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/B6226610.java
2010-08-03

EVALUATION Send the "Proxy-Connection: keep-alive" header with HTTP CONNECT requests for compatibility with HTTP/1.0 proxies such as Squid. This is required for NTLM authentication. Links for more context/reference on this bug: http://bugs.squid-cache.org/show_bug.cgi?id=2022 https://bugzilla.mozilla.org/show_bug.cgi?id=201054 http://code.google.com/p/chromium/issues/detail?id=8771
2010-07-29

SUGGESTED FIX As described on http://stackoverflow.com/questions/1326849/java-6-ntlm-proxy-authentication-and-https-has-anyone-got-it-to-work add the following code to HttpURLConnection.java if (http.getHttpKeepAliveSet()) { if (http.usingProxy) { requests.setIfNotSet("Proxy-Connection", "keep-alive"); } } in HttpURLConnection.sendCONNECTRequest() before setPreemptiveProxyAuthentication(requests); http.writeRequests(requests, null); at line 1574
2010-07-29