Bug 1000773 - nc breaks on HTTP/1.1 proxy servers
nc breaks on HTTP/1.1 proxy servers
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: nc (Show other bugs)
All Linux
medium Severity medium
: rc
: ---
Assigned To: Petr Šabata
Martin Žember
: Patch
Depends On:
Blocks: 1159820
  Show dependency treegraph
Reported: 2013-08-24 23:20 EDT by Andreas M. Kirchwitz
Modified: 2015-07-13 00:14 EDT (History)
8 users (show)

See Also:
Fixed In Version: nc-1.84-23.el6
Doc Type: Enhancement
Doc Text:
Feature: Netcat now understands HTTP/1.1 proxy responses. Reason: Some proxies send HTTP/1.1 responses to HTTP/1.0 requests. Netcat didn't understand these and was therefore unusuable in such situations. Result: Netcat now works with HTTP/1.1-only proxies.
Story Points: ---
Clone Of:
Last Closed: 2014-12-08 04:08:02 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Andreas M. Kirchwitz 2013-08-24 23:20:20 EDT
Description of problem:
nc only supports HTTP/1.0 proxy servers and fails on HTTP/1.1 responses.

$ nc -X connect -x proxy.example.com:3128 www.example.com 443
nc: Proxy error: "HTTP/1.1 200 Connection established"

nc works fine without proxy or with HTTP/1.0 proxy servers, but with recent versions of Squid (always sending HTTP/1.1 responses) it fails. Proxy servers must send the highest HTTP version they support (not necessarily the same as the version of the original request).

If you look into the source code, nc expects a hardcoded "HTTP/1.0 200 " response. It shouldn't care about the HTTP version as long as it gets a positive "200" response.

Version-Release number of selected component (if applicable):

How reproducible:
Use nc to connect through a HTTP/1.1 proxy.

Steps to Reproduce:
1. see above

Actual results:
nc aborts because of hardcoded HTTP version.

Expected results:
Happily connect and ignore the HTTP version (the "200" response is all that matters).

Additional info:
I could use "ncat" (nmap) instead but that has also an issue with HTTP proxy.
Comment 2 Petr Šabata 2013-08-26 04:50:51 EDT
This is an easy fix and already present upstream, too.
Comment 6 ruckc@yahoo.com 2014-05-29 09:12:50 EDT
This should be a trivial fix, please update from upstream.
Comment 10 Petr Šabata 2014-11-26 09:38:58 EST
A fix pushed in nc-1.84-23.el6.
Comment 14 errata-xmlrpc 2014-12-08 04:08:02 EST
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.