1

My JavaFX client application and server has PK Pinning enabled. However, some clients ask us to add proxy support to the client app because the direct access in their office is closed and all the traffic goes through a proxy.

Is it possible to use PK Pinning? Is PK Pinning a direct opposite to using proxy?

schroeder
  • 123,438
  • 55
  • 284
  • 319
Evgeniy Mishustin
  • 121
  • 6
  • Depends if the clients want to be able to read the traffic or not. Can pass the data your app generates through a proxy, but it would only be visible as encrypted data. If they want to MitM the traffic, using their own SSL certificate, it'll probably break (although browsers will ignore pinned certs if there is a locally installed proxy cert - don't know if Java will) – Matthew Apr 05 '17 at 10:25
  • lets say I don't want them to intercept. If it possible to simple go through? How it will work in that scenario, won't proxy use its own PK? – Evgeniy Mishustin Apr 05 '17 at 10:33
  • Depends on the proxy config. If the proxy only allows data it can examine through, your app won't work. If it falls back to passing data through if it can't decrypt it, it'll be fine. If it is just being used to route data (for example, a SOCKS proxy), it doesn't care what is being sent, so will be fine. – Matthew Apr 05 '17 at 10:47
  • 1
    I think the question Matthew is asking is "what kind of proxy?" – schroeder Apr 05 '17 at 11:46
  • HTTP or HTTPS ? – Evgeniy Mishustin Apr 06 '17 at 06:56

0 Answers0