I have been given a trace of PC client which connects to MS outlook cloud via a cooporae proxy, the trace taken on the client, shows a HTTP request to authenticate before TLS connection is established. It is also a plain HTTP/1.1 on port 443, so I would think uncrypted traffic using an encrypted channel, it is also the warning on the wireshark expert info.
The connection is then establshed in this trace, and then the TLS handshake will start. I am not expecting this plain HTTP packet to be there. I do not know why, is there, but I may think of a client-proxy configuration issue. Is this a security risk, is this something unecessary to be there?
(When annomised I would be able to upload the trace of the conversation)
Thanks for comments and hints in advanced,