Hi, I am using stunnel 4.56 Windows verison.
I thought the username and password will *only* be sent to SERVER2, *after* the SSL handshake, with each request. However, the truth is that the Proxy-Authorization header is attached to the request to SERVER1 "CONNECT SERVER2:433 HTTP/1.1", as well. So SERVER1 can see username and password. It is not necessary and safe. Am I missing anything here? Regards, Peter [stunnel] client = yes accept = 127.0.0.1:8080 connect = SERVER1:3128 protocol = connect protocolHost = SERVER2:443 protocolUsername = username protocolPassword = password
_______________________________________________ stunnel-users mailing list [email protected] https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
