[stunnel-users] Username and Password in Clear Text

• Previous message (by thread): [stunnel-users] Transparent Proxy Source on HPUX 11i
• Next message (by thread): [stunnel-users] Username and Password in Clear Text
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi,

I am using stunnel 4.56 Windows verison.

I thought the username and password will *only* be sent to SERVER2, *after*
the SSL handshake, with each request.

However, the truth is that the Proxy-Authorization header is attached to
the request to SERVER1 "CONNECT SERVER2:433 HTTP/1.1", as well.

So SERVER1 can see username and password. It is not necessary and safe.

Am I missing anything here?

Regards,
Peter


[stunnel]
client = yes
accept  = 127.0.0.1:8080
connect = SERVER1:3128
protocol = connect
protocolHost = SERVER2:443
protocolUsername = username
protocolPassword = password
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20131024/752871bb/attachment.html>

• Previous message (by thread): [stunnel-users] Transparent Proxy Source on HPUX 11i
• Next message (by thread): [stunnel-users] Username and Password in Clear Text
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]