5.2. Proxying HTTPS

Web proxies are a fact of life in many Internet environments, and often provide the only means by which browsers can reach the outside world. To support HTTPS, proxies implement a special HTTP method, CONNECT, documented in RFC 2817. On receipt of a CONNECT request, the proxy opens a TCP connection to the specified remote server and then passes data between the client browser and the remote server without modifying it. The client browser transmits its TLS data to the proxy for onward transmission to the remote server. Although all of the data passes through the proxy, it sees only the encrypted data stream and can do nothing with it. While this is a good thing from a security point of view, it also means that none of the data can be cached.
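
The exchange described above, as an added example that is not part of the original text: a loopback CONNECT proxy opens the upstream TCP connection, answers with a 2xx status, and then relays bytes in both directions unchanged. The function names, the echoing stand-in for the remote server, and the opaque payload standing in for TLS records are assumptions made for illustration.

```python
import socket, threading

def read_head(sock):
    # Read byte-by-byte up to the blank line so no tunnel data is consumed.
    head = b""
    while not head.endswith(b"\r\n\r\n") and (b := sock.recv(1)):
        head += b
    return head

def pipe(src, dst, seen=None):
    # Copy bytes one way until EOF without altering them.
    while data := src.recv(4096):
        if seen is not None:
            seen.append(data)  # everything the proxy can observe
        dst.sendall(data)
    dst.shutdown(socket.SHUT_WR)

def connect_proxy(conn, seen):
    method, target, _ = read_head(conn).split(b"\r\n")[0].decode().split(" ")
    if method != "CONNECT":
        conn.sendall(b"HTTP/1.1 405 Method Not Allowed\r\n\r\n")
        return
    host, port = target.rsplit(":", 1)
    with socket.create_connection((host, int(port))) as upstream:
        conn.sendall(b"HTTP/1.1 200 Connection established\r\n\r\n")
        back = threading.Thread(target=pipe, args=(upstream, conn))
        back.start()                # remote server -> client
        pipe(conn, upstream, seen)  # client -> remote server
        back.join()

def serve_once(listener, handler):
    def run():
        conn, _ = listener.accept()
        with conn:
            handler(conn)
    threading.Thread(target=run, daemon=True).start()

def demo():
    origin = socket.create_server(("127.0.0.1", 0))  # stand-in remote server
    proxy = socket.create_server(("127.0.0.1", 0))
    seen = []
    serve_once(origin, lambda c: pipe(c, c))  # origin simply echoes
    serve_once(proxy, lambda c: connect_proxy(c, seen))
    target = f"127.0.0.1:{origin.getsockname()[1]}"
    # Constructed stand-in for TLS records: opaque bytes, not a real handshake.
    payload = b"\x16\x03\x01" + bytes(range(256))
    with socket.create_connection(proxy.getsockname()) as c:
        c.sendall(f"CONNECT {target} HTTP/1.1\r\nHost: {target}\r\n\r\n".encode())
        status = read_head(c).split(b"\r\n")[0]
        c.sendall(payload)
        c.shutdown(socket.SHUT_WR)
        echoed = b"".join(iter(lambda: c.recv(4096), b""))
    return status, payload, echoed, b"".join(seen)
```

The proxy parses only the CONNECT request head; everything after the blank line is forwarded as-is, which is why it has nothing it could cache.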