Adding an SSL segment via the Proxy project

by Geoffrey Anderson
posted on 2003/11/25

I would like to somehow use or modify your nice Proxy app, to enable any IM client to encrypt its messages.

I am thinking that it can be solved by running a Proxy on the same box as the IM client, to SSL-encode the TCP channel, and running another Proxy on a remote box, to SSL-decode the channel. The anticipated benefit is that I have added encrypted communications between the two proxies. For example an AIM user running in a corporate intranet wants his conversation to be private, not subjecting the IM text to monitoring by the corporate systems when IM'ing to someone on the outside.

Is this possible with Proxy as it exists now?

Otherwise, does it sound possible that a programmer could add such a thing to the Proxy? I see you have libraries for SSL...

Regards,
Geoff

by Pieter Philippaerts [Pieter at mentalis dot org]
posted on 2003/11/26

It is not possible with the current version of the proxy to layer the application data on top of a secure connection, but it can certainly be done.
It's not trivial to integrate the security library and the proxy and write a secure proxy layer, but it's definitely better than having to write everything from scratch ;-)

However, keep in mind that the SOCKS implementation in the server does not support UDP sockets -- only TCP connections are supported. If your instant messenger is using UDP, you're pretty much out of luck.

by Geoffrey Anderson
posted on 2003/11/30

Let's say I have an IM client that already has SSL support built-in. And it has proxy support. (RhymBox is my example.)

Would Proxy be able to sit on a second box, listening on port 80, and forward the traffic it receives from the client, out to port 443 (SSL) on the ultimate server?

This way I am at least achieving secure communication, while sending it thru port 80 for ease of ingress/egress.

Oh, and which listener type is better: portmapper, or socks5, for this purpose?

(I am not sure when to use portmapper versus socks5 in general.)

Thanks!

by Pieter Philippaerts [Pieter at mentalis dot org]
posted on 2003/12/05

> Would Proxy be able to sit on a second box, listening on port
> 80, and forward the traffic it receives from the client, out to
> port 443 (SSL) on the ultimate server?

Yes, it should be possible, but I can't comment on the technical details because I don't know how your IM client uses the SSL protocol.

> Oh, and which listener type is better: portmapper,
> or socks5, for this purpose?

The port mapper and the SOCKS server are very different creatures.
You can compare the port mapper with an electrical extension cable. It simply forwards everything it gets on one end to the other end of the cable.
The SOCKS server on the other hand can be compared with a switchboard operator. When you connect to it, you tell it who you want to talk to, and the server will connect you with that address. This is more powerful than the port mapper, but it requires a bit more overhead [the initial handshake].
If your client application supports SOCKS, you should generally use it.
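
The "switchboard operator" handshake from the reply above, as an added example that is not part of the original thread and not the Mentalis proxy's own code: a SOCKS5 (RFC 1928) request parser showing that the client names its destination per connection, where a port mapper's destination is fixed in its configuration. The host name and port in the sample are constructed, and refusing everything except CONNECT is an assumption modelled on the TCP-only note earlier in the thread.

```python
import ipaddress
import struct

CMD_CONNECT, CMD_UDP_ASSOCIATE = 0x01, 0x03
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 0x01, 0x03, 0x04
REP_OK, REP_CMD_UNSUPPORTED, REP_ATYP_UNSUPPORTED = 0x00, 0x07, 0x08

# Constructed sample messages (hypothetical host and port, not from the thread).
SAMPLE_HOST, SAMPLE_PORT = b"im.example.net", 5190
SAMPLE_CONNECT = (bytes([5, CMD_CONNECT, 0, ATYP_DOMAIN, len(SAMPLE_HOST)])
                  + SAMPLE_HOST + struct.pack("!H", SAMPLE_PORT))
SAMPLE_UDP = bytes([5, CMD_UDP_ASSOCIATE, 0, ATYP_IPV4]) + bytes(6)


def parse_greeting(data):
    """First client message: VER, NMETHODS, METHODS. Returns offered methods."""
    if len(data) < 2 or data[0] != 5 or len(data) != 2 + data[1]:
        raise ValueError("malformed SOCKS5 greeting")
    return list(data[2:])


def parse_request(data):
    """Second client message: VER, CMD, RSV, ATYP, DST.ADDR, DST.PORT.

    Returns (reply_code, host, port); host and port are None on refusal.
    """
    if len(data) < 4 or data[0] != 5 or data[2] != 0:
        raise ValueError("malformed SOCKS5 request")
    cmd, atyp, rest = data[1], data[3], data[4:]
    if cmd != CMD_CONNECT:
        # Assumption: a TCP-only server refuses BIND and UDP ASSOCIATE.
        return REP_CMD_UNSUPPORTED, None, None
    if atyp == ATYP_IPV4:
        alen = 4
    elif atyp == ATYP_IPV6:
        alen = 16
    elif atyp == ATYP_DOMAIN and rest:
        alen, rest = rest[0], rest[1:]   # one length byte precedes the name
    else:
        return REP_ATYP_UNSUPPORTED, None, None
    if len(rest) != alen + 2:            # address plus 2-byte port, nothing else
        raise ValueError("address length does not match request size")
    (port,) = struct.unpack("!H", rest[alen:])
    if atyp == ATYP_DOMAIN:
        host = rest[:alen].decode("ascii")
    else:
        host = str(ipaddress.ip_address(rest[:alen]))
    return REP_OK, host, port
```
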

by Geoffrey
posted on 2003/12/10

I meant to find a way for an IM client that is NOT using SSL to connect to a proxy. That proxy connects to another proxy using SSL. This 2nd proxy finally connects to the IM client's intended server on the 'not SSL' port.

So in other words is it possible to create a section of the trip in SSL between the 2 proxies only?

I control both proxies. They are your proxy software.

by Pieter Philippaerts [Pieter at mentalis dot org]
posted on 2003/12/11

That's difficult because most IM clients communicate with a server that you do not control [i.e. MSN uses the passport servers, ICQ uses 'login.icq.com', etc.]. It's probably going to be difficult to differentiate between a connection that you should secure [the actual IM messages] and a connection that you should not secure [logging on]. However, this all depends on the protocol you're using.

 

Copyright © 2002-2007, The Mentalis.org Team. All rights reserved.
This site is located at http://www.mentalis.org/