Category: HTTPS (4)

The HTTP CONNECT tunnel

HTTPS is widely used on the Internet to secure data in transit. However, when a browser needs to send an HTTPS request through a proxy, the request's hostname and port number are encrypted in the HTTPS request header, so even the proxy cannot read them. How, then, does the proxy know where to send the client's request? To solve this problem, the browser sends the proxy an HTTP request with the CONNECT method and the target hostname and port number. On receiving the CONNECT request, the proxy establishes a TCP connection to the requested hostname on the specified port and then returns an HTTP 200 response to tell the browser that the requested connection was made. After that, the proxy should just blindly forward packets back and forth between the client and the server, without looking at them, until the tunnel is closed.


Aug 12, 2018

How to create an IIS website that requires client certificate using self-signed certificates

Some IE/IIS issues may involve a client certificate. It always took me hours to deploy a test website that requires a client certificate. Therefore, I am going to write this blog to record every step, including: creating a self-signed root CA, server certificate, and client certificate, and configuring IIS.


Jul 31, 2016

Walkthrough: Decrypt SSL/TLS traffic (HTTPS and HTTP/2) in Wireshark

I was recently researching HTTP/2. However, I can only see encrypted network packets in Wireshark because all browsers only support HTTP/2 that runs over TLS. Actually, Wireshark does provide some settings to decrypt SSL/TLS traffic.


Dec 15, 2015

How to resolve "SEC7111: HTTPS security is compromised by (null)" error in IE11

I recently encountered an issue where a webpage does not function in IE11, with the exception "SEC7111: HTTPS security is compromised by (null)". It turned out it was caused by using the document.write() function in the HTTPS webpage.


Oct 21, 2015