SSL Tunneling involves a client that requires an SSL connection to a backend service or secure server via a proxy server. This proxy server opens the connection between the client and the backend service and copies the data to both sides without any direct interference in the SSL connection.
A diagram that demonstrates SSL Tunneling is given as follows:
Working of SSL Tunneling
The stepwise working of SSL Tunneling from its creation to end is given as follows:
- A tunneling request CONNECT is made by the client on port 443 for HTTPS. This request is sent to the proxy server automatically for the HTTPS request. The CONNECT request is used by the RFC 2616 to establish a tunnel.
- The proxy server receives the tunneling request on the port 8080. Then it connects the secure destination server to the port that is requested by the client.
- The proxy server sends back a 200 OK response to the client to confirm that an SSL connection is created.
- A TLS handshake occurs effectively between the client and the server as the proxy server plays no part in it.
- After the TLS handshake, the encrypted data is passed from the client to the server via the proxy server and vice versa. This data is only decrypted at the client or the server and never the proxy server.
- When the closure of the connection is requested by the client or the server, the connections at ports 443 and 8080 are closed by the proxy server and normal operations resume.
Features of SSL Tunneling
- To perform SSL tunneling between the client and the server using HTTPS URLs, the client should support SSL and HTTPS. In case the client does not support HTTPS, the Proxy Server’s HTTPS proxying capability can be used.
- The security of SSL tunneling is on par with SSL without proxying. This means that using the proxy server does not change or reduce the security of SSL at all.
- The proxy server in SSL tunneling cannot access the transaction between the client and the server as it is encrypted. This means that no eavesdropping is possible, either from the proxy server or from third parties.
- The proxy server cannot verify if the protocol used between the client and the server is SSL as it cannot access the transaction. So it is best if known ports i.e. port 443 for HTTPS and 563 for SNEWS are used for security reasons.
- 13 Mistakes To Avoid During Technical Interview
- How to Make a Career in Ethical Hacking?
- Top 10 Data Science Skills to Learn in 2020
- How to Start a Career in Software Testing - A Complete Guide!
- Top 8 Video Call Apps That Become Popular During Covid19 Pandemic
- Top 5 Free, Cross-Platform, and Open-Source Database System in 2020
- Methods for Text Clipping in Computer Graphics
- Difference between RPA and Selenium
- How to Delete a File or Folder using CMD?
- How to Publish a Static Website on GitHub?
- 8 Useful Testing Tools, Libraries and Frameworks For React Developers
- Top 10 Hadoop Analytics Tools For Big Data
- Top 5 Open Source Code Editors in 2020
- How to Make USB Rubber Ducky at Home?
If you like GeeksforGeeks and would like to contribute, you can also write an article using contribute.geeksforgeeks.org or mail your article to firstname.lastname@example.org. See your article appearing on the GeeksforGeeks main page and help other Geeks.
Please Improve this article if you find anything incorrect by clicking on the "Improve Article" button below.