Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
702
Views
0
Helpful
1
Replies

Handling of HTTPS traffic by a HTTP proxy

Gowtham V
Level 1
Level 1

‎09-13-2015 06:40 AM

We have a explicit http proxy in our environment, in which i faced an issue with a HTTPS site. I would like to know how a HTTP proxy handles a HTTPS traffic?

I Understand that there are two handshake happening here, 

1. From Client machine to WSA appliance. (using proxy port)

2. From WSA to public server. (Actual traffic eg: http/https)

 

How does a SSL/TLS negotiation happen here on both the steps above?

Lets say my browser has only SSL 3.0 and TLS 1.0 enabled.

 

Labels:
0 Helpful
1 Reply 1

Tom Foucha
Cisco Employee
Cisco Employee

‎09-15-2015 08:39 PM

Unless you are doing decryption on the HTTPS traffic it simply tunnels the traffic via the TCP_CONNECT on port 443. Now because you say you are doing explicit chances are you are running over a single port like 80, 8080 or 3128 in most cases. If you are not doing any HTTPS inspection the WSA simply forwards the certificates requests back and forth via the tunnel and doesn't interfere.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents