TLS protocol over proxy: technology advantages and features

03.09.20 в 12:15 Other 3484

TLS encryption of proxy

Using a proxy server is very convenient when performing a large number of tasks. However, working with this tool sometimes involves some difficulties, the main of which is the lack of an encrypted connection. This flaw forces many users to turn to alternative technologies: VPN, Shadowsocks, Tor, and others. What to do if the project needs proxies? For such cases, you can use the TLS data encryption function.

What is the TLS Protocol?

TLS (Transport Layer Security) is a standard network model protocol that provides a secure connection between a user and a server. It protects the data of users who use a secure https connection to access web pages on the Network. TLS is an updated version of the SSL Protocol. The protocol "runs on top" of TCP connection, but there are no changes at the higher HTTP or SMTP level. But still, there are three functions: encryption of information transmitted from one device to another, authorship verification, and data integrity control to protect against spoofing.

Proxies with TLS encryption and HTTPS proxies

Most HTTP(S) proxies support a secure connection to a dedicated website. At the same time, the SSL or TLS protocols are used to protect users' data, just like when connecting without a proxy server. However, information about which hosts the client accesses and whether a proxy is used is not disclosed.

TLS encrypted proxies differ from conventional HTTPS counterparts. Encryption of them occurs "on top" of all protocols used to establish a connection. In other words, not only personal data is hidden from prying eyes, but also other connection parameters, such as HTTP headers from the client and the proxy itself. It provides a high level of anonymity that rivals VPN technology while maintaining the convenience and simplicity of proxy servers for users. Setting up a proxy for commonplace use is also different. As a rule, regular browsers do not support the TLS over proxy function. Therefore, to successfully work through a proxy over an encrypted channel, you need to install specialized client applications, such as stunnel ( In the proxy settings, you specify port 443 to create a secure tunnel through which all traffic will be transmitted.

Differences between TLS proxy and VPN

A proxy server of this configuration is very similar to a VPN service. Indeed, both VPN and proxies with TLS provide access to external resources through a middleware server and transmit data between the client and server in encrypted form. However, these tools should not be equated. Each of them has its characteristics. VPN is a private network that is organized over a public network to ensure the security of data transmission inside it. This technology is often used both for corporate networks, for example, providing secure access of remote employees to confidential data, and for personal purposes, whether it is getting access to a foreign site or ensuring anonymity on the Internet. If we are only talking about spoofing the IP address and diverting traffic, the best solution is to use an intermediary server. Creating a VPN connection requires more additional operations: encapsulating network packets, assigning fake IP addresses in the VPN network itself, and altering the routing table.

A proxy server is a specialized software that connects to a resource server from its IP address, redirecting requests from the client and responding to them from websites. Since intermediation is the main feature of a proxy, this operation is quick and efficient. Often, the speed of data transmission over a high-quality proxy server does not concede to the speed of direct Internet connection.

Advantages of a proxy server with TLS

Why use a TLS encrypted proxy when you have a VPN? To answer this question, you should look at the advantages of using proxy servers to decide whether this technology is suitable for your range of tasks.

Below we have compiled 5 advantages of TLS encrypted proxy protocols over VPN:

1. High-speed data transfer.
High-speed data transfer. When proxying TCP connections, packets are retransmitted independently in the proxy client and proxy host sections. The proxy has its TCP buffers, and short-term I/O delays in one area will not affect the transmission time in the opposite part. The VPN only works at the network layer, and the computer will transmit lost TCP segments from the VPN client to the target server, which reduces the speed of the VPN;

2. Customization flexibility.
Proxy is convenient and easy to configure on any operating system. You can configure proxies for individual applications or queries to a particular domain, or use different proxies for different addresses;

3. HTTPS traffic disguise.
One of the main advantages of such proxies. TLS encryption runs on top of all network protocols, and the server can pass off all transmitted traffic as ordinary HTTPS packets. It can be useful if someone is using traffic filtering technology to block VPNs and other similar tools. The fact of VPN use is visible to the passive DPI even when using dedicated software. Using TLS over proxy avoids this problem;

4. Protection from an unsecured disconnection.
The VPN connection may be interrupted, the user will not notice that their traffic is no longer protected, so the work continues with his real IP address. If we are talking about a proxy, there are no such problems. If the proxy server goes down, the internet connection is lost, and there is no danger of establishing an unsecured connection;

5. Low access rights demands.
Proxy connection, unlike a VPN, does not require specific permissions from the server or user. What opens up opportunities for ordinary users to use it within corporate and home networks.

Where to find and try servers that support TLS over proxy? They are already available on RSocks! The TLS encryption feature is already available for all Private Personal proxies. Experience all the advantages of this technology!

Stunnel for working with private personal proxies via a TLS tunnel

Private personal proxies by RSocks (private personal proxy) support TLS encryption over proxy protocols.

Standard browsers out of the box do not support traffic tunneling to a proxy server, so to successfully use this feature, you need to work through specialized software. Below we will tell you how to quickly and easily set up a private proxy to work through Stunnel.

Start of operation. Installing Stunnel

To get started, you will need three elements:

  • Private personal proxy by Rsocks:

  • The browser you tend to use:

  • Stunnel application:

You can download Stunnel from the official website

Here you can download installation files for any popular operating system.
Stunnel installation is standard and generally does not differ from other programs in your operating system.
The exception is that during installation, the program will ask you to enter data about your country, region, organization, etc.

You can fill in all these fields randomly if you don't want to use your data.

Launching and configuring Stunnel

After launching Stunnel, a window with connection logs appears.

The first thing to do is to edit the configuration for working with our proxy.

Select from the menu ConfigurationEdit Configuration

After clicking Edit Configuration in a standard text editor, the configuration file opens

The default configuration content looks something like this:

Completely clean up the file and insert the following settings:
# We don't check the path to the certificate,
# so the next line is commented out. You can use your certificate
#CAfile = socks.pem
# Here we will write a log
output = socks.log
# We won't check the certificate (value = 0)
verify = 0
# Segment responsible for connecting the proxy servers
# Our service
# Client mode
client = yes
# Here will we send incoming connections to the proxy server
accept =
# Address of your private personal proxy
connect = 188.***.***.126:443
# - comments are provided for explanation, you don't need to insert them in the configuration

If you want to use multiple proxies, you can link other proxy servers on neighboring ports using similar units in the configuration:
client = yes
# Set another port
accept =
# Address of another private personal proxy
connect = 33.***.***.133:443

Next step is to save the configuration file and upload a new config.

ConfigurationReload Configuration

This is the end of the setup. Stunnel is up and running!

Configuring the TLS proxy in the browser

After configuring stunnel, personal proxy servers were linked via an encrypted channel to localhost ports on our computer. Now it is enough to redirect all requests from the browser to localhost ports to work with the proxy.

To do this, go to the browser proxy settings and specify the IP address and localhost port that were used in the stunnel configuration inside the accept parameter.

Save your settings in your browser and get started! Access to private proxy via TLS tunnel is activated!

Authorization, when connecting to a personal proxy server, occurs in normal mode. A window for entering your username and password will appear in the browser, or the proxy server will start working instantly if you selected authorization via the client's IP address.

When the TLS function is configured, the client and proxy work through an encrypted tunnel. It allows you to disguise all traffic as https packets to avoid blocking even when using dpi (deep packet inspection). It makes our proxies an excellent alternative to VPN services for working in networks where OpenVPN traffic is blocked.

Try it yourself and check the high level of privacy and security when working with a TLS proxy!



伴随着会联网的广泛使用,随之带来一系列的危险。首先涉及到匿名和安全性。如果信息不设防范手段,您的数据很可能被入侵 — 这里举个例子,关于在公用网络中的私人的信件。

最初的互联网预想让空间没有国界化,无论在在那里都可以绝对匿名地获取任何信息。现在很多国家都出现了禁止访问某些资源的情况 。

12月 2017


In the recent past by the standards of the development of information technologies, in 2015 Google created artificial intelligence based on neural networks, which was able to analyze the condition around itself and draw conclusions about its further education. The name of the new offspring from Google was given in abbreviated from the term "deep Q-network" - DQN. The DQN started training in common arcade games (Pakman, Tennis, Space Invaiders, Boksing and other classics).

Good afternoon! Now we are talking about such an important topic in our time, as an opportunity to bypass the blocking of sites. The problem is very relevant in our country


Throughout the past year, we have been constantly working to expand our offers of various types of proxies and VPNs. The year was not easy for everyone, but we tried our best, so you can constantly receive from us everything you need for developing your projects. Today we want to sum up the results and share with you the main innovations that appeared in one year.

This type of proxy has specific features that you need to keep in mind when working with it. Understanding these principles makes it possible for you to predict its performance and confidently incorporate proxy server in your project

Proxy traffic can also be encrypted, just like a VPN. The TLS over Proxy technology is used for this purpose! You can read about how this works and why such proxies can be more convenient and efficient than VPN services in this article

Mobile proxy is a software and hardware complex that acts as an intermediary between the user and the Internet. The proxy function is to receive a signal from the device, assign a new IP address, and transmit it to the global network. As a result, the user uses one IP, and the Internet connection comes from a completely different one

In this article we'll talk about TOR and its place in ensuring anonymity on the Internet, and how to use Tor Browsers on Windows 10 and Android.