http ssl https tcp proxy

Why is HTTP CONNECT safe to open an SSL tunnel through a proxy


As I understand, in order to open an SSL tunnel between a client and a server through a proxy:

Since this first request is made using a TCP request, how can I be sure that I am talking to the good proxy?

Since SSL makes the communication secure, are there any drawbacks if the communication between the client and the server goes through a bad proxy?

Is there a benefit to opening an SSL tunnel through a proxy, as it doesn't even hide the client identity (the IP of the client is stored in the HTML header)?


Solution

  • Since this first request is made using a TCP request, how can I be sure that I am talking to the good proxy?

    In situations where it matters the most (e.g. if the proxy itself requires authentication using the clear-text Basic method), the connection to the proxy can also be TLS-protected. I'm not sure if web browsers support that, but some proxies certainly do.

    Often it doesn't matter much. The proxy can be configured to use Digest or Kerberos authentication, and the inner TLS tunnel already protects communication with the final destination host.

  • Since SSL makes the communication secure, are there any drawbacks if the communication between the client and the server goes through a bad proxy?

    If the client is configured to use proxy authentication, then a 'bad' proxy can steal HTTP Basic auth credentials.

    The proxy also knows which hosts you are connecting to; it can log this information for various reasons.

    It is also in a position to attempt MITM attacks – even if they're not very likely to succeed with inner TLS connections, that won't stop a bad proxy from trying; and of course it can easily MITM plaintext connections (like HTTP), including 'sslstrip' style attacks that stop clients from doing "opportunistic" insecure-secure upgrades.
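
What the answer's points about Basic credentials and visible destination hosts look like in the CONNECT request itself, as an added example that is not part of the original answer. The host name, user name and password are constructed placeholders, and `build_connect` and `proxy_view` are hypothetical helper names.

```python
import base64

def build_connect(host, port, user=None, password=None):
    """Request head a client sends to the proxy before any TLS to the origin starts."""
    lines = [f"CONNECT {host}:{port} HTTP/1.1", f"Host: {host}:{port}"]
    if user is not None:
        token = base64.b64encode(f"{user}:{password}".encode()).decode()
        lines.append(f"Proxy-Authorization: Basic {token}")
    return ("\r\n".join(lines) + "\r\n\r\n").encode()

def proxy_view(raw):
    """Fields readable by the proxy, or by anyone on a plaintext client-to-proxy hop."""
    head, _, _ = raw.partition(b"\r\n\r\n")
    request_line, *header_lines = head.decode("iso-8859-1").split("\r\n")
    method, target, _version = request_line.split(" ", 2)
    if method != "CONNECT":
        raise ValueError("not a CONNECT request")
    host, _, port = target.rpartition(":")  # rpartition keeps "[::1]" intact
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    view = {"host": host, "port": int(port),
            "auth_scheme": None, "credentials": None}
    auth = headers.get("proxy-authorization")
    if auth:
        scheme, _, param = auth.partition(" ")
        view["auth_scheme"] = scheme
        if scheme.lower() == "basic":
            # Basic is base64 encoding, not encryption: fully reversible.
            user, _, pw = base64.b64decode(param).decode().partition(":")
            view["credentials"] = (user, pw)
    return view

# Constructed sample: host, user name and password are placeholders.
SAMPLE = build_connect("www.example.com", 443, "alice", "s3cret")
# Constructed Digest header: it carries a hash response, not the password.
DIGEST = (b"CONNECT www.example.com:443 HTTP/1.1\r\n"
          b'Proxy-Authorization: Digest username="alice", response="0123abcd"\r\n\r\n')

if __name__ == "__main__":
    print(proxy_view(SAMPLE))   # destination and Basic credentials both readable
    print(proxy_view(DIGEST))   # destination readable, password not recoverable
```

The destination host and port are visible in both cases; only the choice of proxy authentication scheme, or TLS on the hop to the proxy, changes what happens to the credentials.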