Heya, Well because the information sent from the client to the proxy is sent in clear text. Isn't that a huge security flaw?
John -----Original Message----- From: Roland Weber [mailto:[EMAIL PROTECTED] Sent: Wed 7/4/2007 2:40 AM To: HttpClient User Discussion Subject: Re: HttpClient ProxyHost and SSL Hello, > It was recently brought to my attention that our application, when using > SSL communication and a Proxy, is communicating to the proxy via > straight http, and not https. Yes, that works exactly as designed. SSL provides end-to-end encryption, the SSL connection is established between the client and the server, not between the client and the proxy. > Is there no way around this? What would be the point of encrypting the data to the proxy twice, if it is subsequently sent from the proxy to the server encrypted only once? cheers, Roland
