User-Agent header not sent for CONNECT to httpS remotes

nexus 2.9.2-01

We are running behind an HTTP proxy that requires a particular string in the User-Agent header.

After configuring the "Default HTTP Proxy Settings" and the "User Agent Customization" field in the admin panel, nexus successfully proxies remote repositories with http remote storage locations (e.g. http://nexus.codehaus.org/snapshots/). However, it cannot proxy remote repos with httpS remote storage locations (https://nexus.codehaus.org/snapshots/).

It appears that when attempting to establish the tunnel with the proxy, the HTTP CONNECT request that nexus issues does not include a User-Agent header. Our proxy rejects the HTTP CONNECT request with a 403 response.

Can i work around this via configuration?

Here is a snippet of the nexus logs generated when org.apache.http.wire is set to DEBUG:

jvm 1 | 2014-10-07 17:55:52,756-0400 DEBUG [ar-4-thread-1] admin org.apache.http.wire - http-outgoing-27 >> "CONNECT nexus.codehaus.org:443 HTTP/1.1[\r][\n]"
jvm 1 | 2014-10-07 17:55:52,756-0400 DEBUG [ar-4-thread-1] admin org.apache.http.wire - http-outgoing-27 >> "Host: nexus.codehaus.org[\r][\n]"
jvm 1 | 2014-10-07 17:55:52,756-0400 DEBUG [ar-4-thread-1] admin org.apache.http.wire - http-outgoing-27 >> "Proxy-Connection: Keep-Alive[\r][\n]"
jvm 1 | 2014-10-07 17:55:52,756-0400 DEBUG [ar-4-thread-1] admin org.apache.http.wire - http-outgoing-27 >> "[\r][\n]"
jvm 1 | 2014-10-07 17:55:52,811-0400 DEBUG [ar-4-thread-1] admin org.apache.http.wire - http-outgoing-27 << "HTTP/1.1 403 Forbidden[\r][\n]"
jvm 1 | 2014-10-07 17:55:52,811-0400 DEBUG [ar-4-thread-1] admin org.apache.http.wire - http-outgoing-27 << "Cache-Control: no-cache[\r][\n]"
jvm 1 | 2014-10-07 17:55:52,811-0400 DEBUG [ar-4-thread-1] admin org.apache.http.wire - http-outgoing-27 << "Pragma:no-cache[\r][\n]"
jvm 1 | 2014-10-07 17:55:52,811-0400 DEBUG [ar-4-thread-1] admin org.apache.http.wire - http-outgoing-27 << "Content-Type: text/html; charset=utf-8[\r][\n]"
jvm 1 | 2014-10-07 17:55:52,811-0400 DEBUG [ar-4-thread-1] admin org.apache.http.wire - http-outgoing-27 << "Proxy-Connection: close[\r][\n]"
jvm 1 | 2014-10-07 17:55:52,811-0400 DEBUG [ar-4-thread-1] admin org.apache.http.wire - http-outgoing-27 << "Connection: close[\r][\n]"
jvm 1 | 2014-10-07 17:55:52,811-0400 DEBUG [ar-4-thread-1] admin org.apache.http.wire - http-outgoing-27 << "Content-Length: 1128[\r][\n]"
jvm 1 | 2014-10-07 17:55:52,811-0400 DEBUG [ar-4-thread-1] admin org.apache.http.wire - http-outgoing-27 << "[\r][\n]"
...lots of response body from the proxy about how wrong we were to try that...

compare that with this request from curl:

curl -v https://nexus.codehaus.org/snapshots/

• About to connect() to proxy 10.76.225.15 port 80 (#0)
• Trying 10.76.225.15... connected
• Connected to 10.76.225.15 (10.76.225.15) port 80 (#0)
• Establish HTTP proxy tunnel to nexus.codehaus.org:443
  > CONNECT nexus.codehaus.org:443 HTTP/1.1
  > Host: nexus.codehaus.org:443
  > User-Agent: MY_CUSTOM_USER_AGENT_STRING;
  > Proxy-Connection: Keep-Alive
  >
  < HTTP/1.1 200 Connection established
  <
• Proxy replied OK to CONNECT request
• Initializing NSS with certpath: sql:/etc/pki/nssdb
• CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
• SSL connection using TLS_DHE_RSA_WITH_AES_256_CBC_SHA
• Server certificate:
• subject: CN=nexus.codehaus.org,O=OPENXOURCE,L=Camp Hill,ST=Queensland,C=AU
• start date: Sep 26 00:00:00 2013 GMT
• expire date: Mar 09 23:59:59 2015 GMT
• common name: nexus.codehaus.org
• issuer: CN=Thawte SSL CA,O="Thawte, Inc.",C=US
  > GET /snapshots/ HTTP/1.1
  > User-Agent: DHSI60SP1001;
  > Host: nexus.codehaus.org
  > Accept: /
  >
  < HTTP/1.1 200 OK