Thread: HTTPS question
View Single Post
  #4 (permalink)  
Old 02-14-2008, 09:40 PM
Sebastian G.
Guest
  
Posts: n/a
Default Re: HTTPS question
Rich Fife wrote:

> On Feb 14, 11:55 am, Bruce Stephens <bruce
> +use...@cenderis.demon.co.uk> wrote:
>> Rich Fife <rf...@amug.org> writes:
>>
>> [...]
>>
>>> Do you send an unencrypted HTTP header and then pop over to SSL
>>> immediately afterwards? When do you do the SSL handshaking? Before
>>> or after you send the header?
>> Start straight off with SSL/TLS. (I believe there's a proposal for an
>> HTTP startTLS, but I don't think it's caught on.)
>
> So I do an SSL handshake directly with the proxy and then it
> handshakes with the server? If I don't, how does the proxy know what
> server I want (it's only in the (encrypted) HTTP header)?


First you create a connection to the proxy which may or may not be secured
with SSL. Then you send a CONNECT request to the proxy, telling him the host
you want to talk to. He then sets up the connection and proxies all traffic,
and if it's secured with SSL then he doesn't know the content.

Reply With Quote