HTTPS over Socks5 server implementation

Question

I am trying to implement a Socks5 server that could relay both HTTP and HTTPS traffic.

As the RFC1928 mentions, the following steps to establish a connection and forward the data must be taken :

1. Client sends a greeting message to the proxy.
2. Client & proxy authentication (assuming it is successful).
3. Client sends a request to the proxy to connect to the destination.
4. The proxy connects to the destination and sends back a response to the client to indicate a successful open tunnel.
5. The proxy reads the data from the client and forwards it to the destination.
6. The proxy reads the data from the destination and forwards it to the client.

So far, the proxy works as it should. It is able to relay HTTP traffic using its basic data forwarding mechanism. However, any request from the client to an HTTPS website will be aborted because of SSL/TLS encryption.

Is there another sequence/steps that should be followed to be able to handle SSL/TLS (HTTPS) traffic?

Answer 1

The sequence you have described is correct, even for HTTPS. When the client wants to send a request to an HTTPS server through a proxy, it will request the proxy to connect to the target server's HTTPS port, and then once the tunnel is established, the client will negotiate a TLS handshake with the target server, then send an (encrypted) HTTP request and receive an (encrypted) HTTP response. The tunnel is just a passthrough of raw bytes, the proxy has no concept of any encryption between the client and server. It doesn't care what the bytes represent, its job is just to pass them along as-is.