Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

asked 2018-10-23 15:04:46 +0000

xinxolHH gravatar image

Coorporate Proxy connection to Microsoft outlook, additional HTTP/1.1 packet before TLS channel established

I have been given a trace of PC client which connects to MS outlook cloud via a cooporae proxy, the trace taken on the client, shows a HTTP request to authenticate before TLS connection is established. It is also a plain HTTP/1.1 on port 443, so I would think uncrypted traffic using an encrypted channel, it is also the warning on the wireshark expert info.

The connection is then establshed in this trace, and then the TLS handshake will start. I am not expecting this plain HTTP packet to be there. I do not know why, is there, but I may think of a client-proxy configuration issue. Is this a security risk, is this something unecessary to be there?

image description

(When annomised I would be able to upload the trace of the conversation)

Thanks for comments and hints in advanced,

Coorporate Proxy connection to Microsoft outlook, additional HTTP/1.1 packet before TLS channel established

I have been given a trace of PC client which connects to MS outlook cloud via a cooporae proxy, the trace taken on the client, shows a HTTP request to authenticate before TLS connection is established. It is also a plain HTTP/1.1 on port 443, so I would think uncrypted traffic using an encrypted channel, it is also the warning on the wireshark expert info.

The connection is then establshed in this trace, and then the TLS handshake will start. I am not expecting this plain HTTP packet to be there. I do not know why, is there, but I may think of a client-proxy configuration issue. Is this a security risk, is this something unecessary to be there?

image descriptionimage description

(When annomised I would be able to upload the trace of the conversation)

Thanks for comments and hints in advanced,

Coorporate Proxy connection to Microsoft outlook, additional HTTP/1.1 packet before TLS channel established

I have been given a trace of PC client which connects to MS outlook cloud via a cooporae proxy, the trace taken on the client, shows a HTTP request to authenticate before TLS connection is established. It is also a plain HTTP/1.1 on port 443, so I would think uncrypted unencrypted traffic using an encrypted channel, it is also the warning on the wireshark expert info.

The connection is then establshed in this trace, and then the TLS handshake will start. I am not expecting this plain HTTP packet to be there. I do not know why, is there, but I may think of a client-proxy configuration issue. Is this a security risk, is this something unecessary to be there?

image description

(When annomised I would be able to upload the trace of the conversation)

Thanks for comments and hints in advanced,

Coorporate Proxy connection to Microsoft outlook, additional HTTP/1.1 packet before TLS channel established

I have been given a trace of PC client which connects to MS outlook cloud via a cooporae proxy, the trace taken on the client, shows a HTTP request to authenticate before TLS connection is established. It is also a plain HTTP/1.1 on port 443, so I would think unencrypted traffic using an encrypted channel, it is also the warning on the wireshark expert info.

The connection is then establshed in this trace, and then the TLS handshake will start. I am not expecting this plain HTTP packet to be there. I do not know why, is there, but I may think of a client-proxy configuration issue. Is this a security risk, is this something unecessary to be there?

image description

link text

(When annomised I would be able to upload the trace of the conversation)

Thanks for comments and hints in advanced,

Coorporate Proxy connection to Microsoft outlook, additional HTTP/1.1 packet before TLS channel established

I have been given a trace of PC client which connects to MS outlook cloud via a cooporae proxy, the trace taken on the client, shows a HTTP request to authenticate before TLS connection is established. It is also a plain HTTP/1.1 on port 443, so I would think unencrypted traffic using an encrypted channel, it is also the warning on the wireshark expert info.

The connection is then establshed in this trace, and then the TLS handshake will start. I am not expecting this plain HTTP packet to be there. I do not know why, is there, but I may think of a client-proxy configuration issue. Is this a security risk, is this something unecessary to be there?

image description

link text

(When annomised I would be able to upload the trace of the conversation)

Thanks for comments and hints in advanced,

Coorporate Proxy connection to Microsoft outlook, additional HTTP/1.1 packet before TLS channel established

I have been given a trace of PC client which connects to MS outlook cloud via a cooporae proxy, the trace taken on the client, shows a HTTP request to authenticate before TLS connection is established. It is also a plain HTTP/1.1 on port 443, so I would think unencrypted traffic using an encrypted channel, it is also the warning on the wireshark expert info.

The connection is then establshed in this trace, and then the TLS handshake will start. I am not expecting this plain HTTP packet to be there. I do not know why, is there, but I may think of a client-proxy configuration issue. Is this a security risk, is this something unecessary to be there?

image description

(When annomised I would be able to upload the trace of the conversation)

Thanks for comments and hints in advanced,

Client - Coorporate Proxy connection to Microsoft outlook, additional HTTP/1.1 packet before TLS channel established

I have been given a trace of a PC client which connects to MS outlook cloud via a cooporae proxy, the proxy. The trace taken on the client, shows a HTTP request to authenticate before TLS connection is established. It is also a plain HTTP/1.1 on port 443, so I would think unencrypted traffic using an encrypted channel, it channel is also the warning on the wireshark expert info.info. I wonder why the http request is there.

The connection is then establshed in this trace, established, (http 200 OK) and then the TLS handshake will start. continue. I am not expecting this plain HTTP packet to be there. I do not know why, why is there, but I may think of a client-proxy configuration issue. Is this a security risk, is this something unecessary necessary to be there?

image description

(When annomised I would be able to upload the trace of the conversation)

Thanks for comments and hints in advanced,

click to hide/show revision 8
None

updated 2018-10-23 15:43:35 +0000

cmaynard gravatar image

Client - Coorporate Proxy connection to Microsoft outlook, additional HTTP/1.1 packet before TLS channel established

I have been given a trace of a PC client which connects to MS outlook cloud via a cooporae corporate proxy. The trace taken on the client, client shows a HTTP request to authenticate before TLS connection is established. It There is also a plain HTTP/1.1 on port 443, unencrypted traffic using an encrypted channel and there is also the a warning on the wireshark Wireshark expert info. I wonder why the http request is there.

The connection is then established, (http 200 OK) and then the TLS handshake will continue. I am not expecting this plain HTTP packet to be there. I do not know why it is there, but I may think of a client-proxy configuration issue. Is this a security risk, is risk? Is this something necessary to be there?

image description

(When annomised anonymized, I would be able to upload the trace of the conversation)conversation.)

Thanks for comments and hints in advanced,advance.

click to hide/show revision 9
None

updated 2018-10-23 15:43:48 +0000

cmaynard gravatar image

Client - Coorporate Proxy connection to Microsoft outlook, additional HTTP/1.1 packet before TLS channel established

I have been given a trace of a PC client which connects to MS outlook cloud via a corporate proxy. The trace taken on the client shows a HTTP request to authenticate before TLS connection is established. There is also a plain HTTP/1.1 on port 443, unencrypted traffic using an encrypted channel and there is also a warning on the Wireshark expert info. I wonder why the http request is there.

The connection is then established, (http 200 OK) and then the TLS handshake will continue. I am not expecting this plain HTTP packet to be there. I do not know why it is there, but I may think of a client-proxy configuration issue. Is this a security risk? Is this something necessary to be there?

image description

(When anonymized, I would be able to upload the trace of the conversation.)

Thanks for comments and hints in advance.

Client - Coorporate Corporate Proxy connection to Microsoft outlook, additional HTTP/1.1 packet before TLS channel established

I have been given a trace of a PC client which connects to MS outlook cloud via a corporate proxy. The trace taken on the client shows a HTTP request to authenticate before TLS connection is established. There is also a plain HTTP/1.1 on port 443, unencrypted traffic using an encrypted channel and there is also a warning on the Wireshark expert info. I wonder why the http request is there.

The connection is then established, (http 200 OK) and then the TLS handshake will continue. I am not expecting this plain HTTP packet to be there. I do not know why it is there, but I may think of a client-proxy configuration issue. Is this a security risk? Is this something necessary to be there?

image description

(When anonymized, I would be able to upload I share the trace of the conversation.)file via Google Drive:

Note: TLS is handshake is removed.

link text

Thanks for comments and hints in advance.

Client - Corporate Proxy connection to Microsoft outlook, additional HTTP/1.1 packet before TLS channel established

I have been given a trace of a PC client which connects to MS outlook cloud via a corporate proxy. The trace taken on the client shows a HTTP request to authenticate before TLS connection is established. There is also a plain HTTP/1.1 on port 443, unencrypted traffic using an encrypted channel and there is also a warning on the Wireshark expert info. I wonder why the http request is there.

The connection is then established, (http 200 OK) and then the TLS handshake will continue. I am not expecting this plain HTTP packet to be there. I do not know why it is there, but I may think of a client-proxy configuration issue. Is this a security risk? Is this something necessary to be there?

image description

I share the trace file via Google Drive:

Note: TLS is handshake is removed.removed. Please click in the link, to download the file:

link text

Thanks for comments and hints in advance.

Client - Corporate Proxy connection to Microsoft outlook, additional HTTP/1.1 packet before TLS channel established

I have been given a trace of a PC client which connects to MS outlook cloud via a corporate proxy. The trace taken on the client shows a HTTP request to authenticate before TLS connection is established. There is also a plain HTTP/1.1 on port 443, unencrypted traffic using an encrypted channel and there is also a warning on the Wireshark expert info. I wonder why the http request is there.

The connection is then established, (http 200 OK) and then the TLS handshake will continue. I am not expecting this plain HTTP packet to be there. I do not know why it is there, but I may think of a client-proxy configuration issue. Is this a security risk? Is this something necessary to be there?

image description

I share the trace file via Google Drive:

Note: TLS is handshake is removed. Please click in the link, link below, to download the file:

link text

Thanks for comments and hints in advance.

Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.
about | faq | help | privacy policy | terms of service
Powered by Askbot version 0.10.2