Sun Java System Web Proxy Server 4.0.3 2006Q2 Administration Guide

Technical Details for SSL Tunneling

Internally, SSL tunneling uses the CONNECT method with the destination host name and port number as a parameter followed by an empty line:

CONNECT energy.example.com:443 HTTP/1.0

A successful response from the Proxy Server would be the following, followed by an empty line:

HTTP/1.0 200 Connection established
Proxy-agent: Sun-Java-System-Web-Proxy-Server/4.0

The connection is then set up between the client and the remote server, and data can be transferred in both directions until either side closes the connection.

Internally, to benefit from the typical configuration mechanism based on URL patterns, the host name and port number (energy.example.com:443) are automatically mapped into a URL such as this:

connect://energy.example.com:443

connect:// is only an internal notation used by Proxy Server to make configuration easier and uniform with other URL patterns. Outside of the Proxy Server, connect URLs do not exist, and if the Proxy Server receives such a URL from the network, it marks it as invalid and refuses to service the request.
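The mapping and rejection rule described above, as an added Python sketch (not Proxy Server code): it parses a CONNECT request line, builds the internal connect:// form, refuses connect:// URLs that arrive from the network, and checks the result against an allow-list. The function names, the `ALLOWED_PATTERNS` value, and the use of shell-style `fnmatch` patterns in place of the server's own pattern syntax are assumptions made for illustration.

```python
import fnmatch
import re

# Hypothetical allow-list, written against the internal connect:// form.
ALLOWED_PATTERNS = ["connect://*.example.com:443"]

# host:port as carried by the CONNECT request line (host names and IPv4 only).
_AUTHORITY = re.compile(r"(?P<host>[A-Za-z0-9.-]+):(?P<port>\d{1,5})")


def map_connect_request(request_line):
    """Return the internal connect:// URL for a CONNECT request line.

    Raises ValueError for a connect:// URL received from the network and
    for anything that is not a well-formed 'CONNECT host:port HTTP/x.y'.
    """
    parts = request_line.strip().split(" ")
    if len(parts) != 3:
        raise ValueError("malformed request line")
    method, target, version = parts
    # connect:// exists only inside the proxy; never accept it as input.
    if target.lower().startswith("connect://"):
        raise ValueError("connect:// is internal notation only")
    if method != "CONNECT" or not version.startswith("HTTP/"):
        raise ValueError("not a CONNECT request line")
    m = _AUTHORITY.fullmatch(target)
    if not m or not 1 <= int(m.group("port")) <= 65535:
        raise ValueError("target must be host:port")
    # Normalize so pattern matching sees one canonical spelling.
    return "connect://%s:%d" % (m.group("host").lower(), int(m.group("port")))


def is_tunnel_allowed(request_line, patterns=ALLOWED_PATTERNS):
    """True only if the mapped URL matches one of the allow-list patterns."""
    try:
        url = map_connect_request(request_line)
    except ValueError:
        return False
    return any(fnmatch.fnmatchcase(url, p) for p in patterns)


if __name__ == "__main__":
    # Constructed sample request lines.
    for line in ("CONNECT energy.example.com:443 HTTP/1.0",
                 "CONNECT energy.example.com:25 HTTP/1.0",
                 "CONNECT connect://energy.example.com:443 HTTP/1.0"):
        print(line, "->", "allow" if is_tunnel_allowed(line) else "deny")
```

Because the pattern is matched against the whole mapped URL, a tunnel to a port other than 443 is denied even when the host name is on the allow-list.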