Client - Corporate Proxy connection to Microsoft Outlook, additional HTTP/1.1 packet before TLS channel established

asked 2018-10-23 15:04:46 +0000

xinxolHH

updated 2018-10-24 13:24:06 +0000

I have been given a trace of a PC client which connects to the MS Outlook cloud via a corporate proxy. The trace taken on the client shows an HTTP request to authenticate before the TLS connection is established. There is also plain HTTP/1.1 on port 443, unencrypted traffic using an encrypted channel, and there is also a warning in the Wireshark expert info. I wonder why the HTTP request is there.

The connection is then established (HTTP 200 OK), and then the TLS handshake continues. I am not expecting this plain HTTP packet to be there. I do not know why it is there, but I can think of a client-proxy configuration issue. Is this a security risk? Is it necessary for this to be there?


I share the trace file via Google Drive:

Note: The TLS handshake is removed. Please click on the link below to download the file:

link text

Thanks for comments and hints in advance.
