[stunnel-users] Username and Password in Clear Text

Hi,

I am using stunnel 4.56 Windows verison.

I thought the username and password will *only* be sent to SERVER2, *after* the SSL handshake, with each request.

However, the truth is that the Proxy-Authorization header is attached to the request to SERVER1 "CONNECT SERVER2:433 HTTP/1.1", as well.

So SERVER1 can see username and password. It is not necessary and safe.

Am I missing anything here?

Regards, Peter

[stunnel] client = yes accept = 127.0.0.1:8080 connect = SERVER1:3128 protocol = connect protocolHost = SERVER2:443 protocolUsername = username protocolPassword = password