24 Oct
2013
24 Oct
'13
5:22 a.m.
Hi, I am using stunnel 4.56 Windows verison. I thought the username and password will *only* be sent to SERVER2, *after* the SSL handshake, with each request. However, the truth is that the Proxy-Authorization header is attached to the request to SERVER1 "CONNECT SERVER2:433 HTTP/1.1", as well. So SERVER1 can see username and password. It is not necessary and safe. Am I missing anything here? Regards, Peter [stunnel] client = yes accept = 127.0.0.1:8080 connect = SERVER1:3128 protocol = connect protocolHost = SERVER2:443 protocolUsername = username protocolPassword = password