As I understand, in order to open a SSL tunnel between client and a server through a proxy:
- we open a TCP socket with the proxy.
- we make an
HTTP CONNECTmethod, which basically makes the proxy only forwards request, without modifying them. - we then establish an SSL socket between the client and the server, without the proxy involved (since SSL is peer to peer).
Since this first request is made using a TCP request, how can I be sure that I am talking to the good proxy ?
Since SSL makes the communication secure, is there any drawbacks that the communication between the client and the server is through a bad proxy ?
Is there a benefit to open an SSL tunnel through a proxy, as it doesn't even hide the client identity (IP of the client is stored in the HTML header)?
