I know how HTTP proxies work, but I am unsure about HTTPS ones. More specifically, I am confused about the encryption part.
So, the client connects to the proxy using HTTPS. That I understand. Now say the user wants to connect to Gmail through that proxy.
- Does the proxy have to establish an HTTPS connection to Gmail first?
- And how is the client/server hello done? Does the client encrypt the client hello through HTTPS, send it to the proxy, which in turn decrypts it, encrypts it with the encryption method agreed with Gmail and sends it to Gmail?
- And then, after the client/server hello is executed and an encryption method is agreed upon, doesn't the client get confused? Because if the requests are all going through the proxy, shouldn't the encryption method be just one? Or does the client encrypt its requests according to the host they are being sent to, regardless of IP address?
- One more thing: if the proxy is supposed to replace the sender address of the packets with its own address, then shouldn't the packets be completely decrypted? Because if they are not, then how is the proxy supposed to know where to insert its IP if the data is all garbled? Or is the sender part not encrypted?
