Using a proxy server is very convenient when performing a large number of tasks. However, working with this tool involves some difficulties, the main one being the lack of an encrypted connection. This flaw forces many users to turn to alternative technologies: VPN, Shadowsocks, Tor, and others. What should you do if the project needs proxies? In such cases, you can use the TLS data encryption function.
What is the TLS Protocol?
TLS (Transport Layer Security) is a standard network protocol that provides a secure connection between a user and a server. It protects the data of users who access web pages over a secure HTTPS connection. TLS is an updated version of the SSL protocol. The protocol runs "on top" of a TCP connection, and nothing changes at the higher HTTP or SMTP level. It performs three functions: encryption of the information transmitted from one device to another, authentication (verifying who the data comes from), and data integrity control to protect against spoofing.
Proxies with TLS encryption and HTTPS proxies
Most HTTP(S) proxies support a secure connection to the target website. The SSL or TLS protocols protect users' data in this case, just as they do when connecting without a proxy server. However, this does not hide which hosts the client accesses or the fact that a proxy is being used.
TLS encrypted proxies differ from conventional HTTPS counterparts. Their encryption is applied "on top" of all the protocols used to establish a connection. In other words, not only personal data is hidden from prying eyes, but also other connection parameters, such as the HTTP headers exchanged between the client and the proxy itself. It provides a high level of anonymity that rivals VPN technology while maintaining the convenience and simplicity of proxy servers for users. Setting up such a proxy for everyday use is also different. As a rule, regular browsers do not support the TLS over proxy function. Therefore, to work through a proxy over an encrypted channel, you need to install a specialized client application, such as stunnel (www.stunnel.org). In the proxy settings, you specify port 443 to create a secure tunnel through which all traffic will be transmitted.
Differences between TLS proxy and VPN
A proxy server of this configuration is very similar to a VPN service. Indeed, both a VPN and a proxy with TLS provide access to external resources through an intermediary server and transmit data between the client and server in encrypted form. However, these tools should not be equated. Each of them has its own characteristics. A VPN is a private network that is organized over a public network to ensure the security of data transmission inside it. This technology is often used both for corporate networks, for example, to give remote employees secure access to confidential data, and for personal purposes, whether that is getting access to a foreign site or ensuring anonymity on the Internet. If we are only talking about substituting the IP address and redirecting traffic, the best solution is to use an intermediary server. Creating a VPN connection requires additional operations: encapsulating network packets, assigning virtual IP addresses inside the VPN network itself, and altering the routing table.
A proxy server is specialized software that connects to a resource server from its own IP address, forwarding requests from the client and returning the responses from websites. Since intermediation is the main feature of a proxy, this operation is quick and efficient. Often, the speed of data transmission over a high-quality proxy server is not inferior to the speed of a direct Internet connection.
Advantages of a proxy server with TLS
Why use a TLS encrypted proxy when you have a VPN? To answer this question, you should look at the advantages of using proxy servers to decide whether this technology is suitable for your range of tasks.
Below we have compiled 5 advantages of TLS encrypted proxy protocols over VPN:
1. High-speed data transfer.
When proxying TCP connections, packets are retransmitted independently on the client-to-proxy and proxy-to-host segments. The proxy has its own TCP buffers, so short-term I/O delays on one segment do not affect the transmission time on the other. A VPN works only at the network layer, so the computer retransmits lost TCP segments all the way from the VPN client to the target server, which reduces the speed of the VPN;
2. Customization flexibility.
A proxy is convenient and easy to configure on any operating system. You can configure proxies for individual applications or for requests to a particular domain, or use different proxies for different addresses;
3. HTTPS traffic disguise.
This is one of the main advantages of such proxies. TLS encryption runs on top of all network protocols, and the server can pass off all transmitted traffic as ordinary HTTPS packets. This is useful if someone is using traffic filtering technology to block VPNs and other similar tools. VPN use is visible to passive DPI even when dedicated software is used. Using TLS over proxy avoids this problem;
4. Protection from an unsecured disconnection.
A VPN connection may be interrupted without the user noticing that their traffic is no longer protected, so work continues from their real IP address. With a proxy, there are no such problems. If the proxy server goes down, the internet connection is lost, and there is no danger of establishing an unsecured connection;
5. Low access rights demands.
A proxy connection, unlike a VPN, does not require specific permissions from the server or user. This opens up opportunities for ordinary users to use it within corporate and home networks.
Where to find and try servers that support TLS over proxy? They are already available on RSocks! The TLS encryption feature is already available for all Private Personal proxies. Experience all the advantages of this technology!
Stunnel for working with private personal proxies via a TLS tunnel
Private personal proxies by RSocks support TLS encryption over proxy protocols.
Standard browsers out of the box do not support traffic tunneling to a proxy server, so to successfully use this feature, you need to work through specialized software. Below we will tell you how to quickly and easily set up a private proxy to work through Stunnel.
Start of operation. Installing Stunnel
To get started, you will need three elements:
- Private personal proxy by RSocks
- The browser you tend to use
- Stunnel application
You can download Stunnel from the official website.
Here you can download installation files for any popular operating system.
Stunnel installation is standard and generally does not differ from other programs in your operating system.
The exception is that during installation, the program will ask you to enter data about your country, region, organization, etc.
You can fill in all these fields randomly if you don't want to use your data.
Launching and configuring Stunnel
After launching Stunnel, a window with connection logs appears.
The first thing to do is to edit the configuration for working with our proxy.
Select Configuration → Edit Configuration from the menu.
After you click Edit Configuration, the configuration file opens in a standard text editor.
The default configuration content looks something like this:
Completely clean up the file and insert the following settings:
# We don't check the path to the certificate,
# so the next line is commented out. You can use your certificate
#CAfile = socks.pem
# Here we will write a log
output = socks.log
# We won't check the certificate (value = 0)
verify = 0
# Section responsible for connecting to the proxy server
# Our service (the name in square brackets is an arbitrary label)
[proxy1]
# Client mode
client = yes
# Local address where stunnel accepts incoming connections and forwards them to the proxy server
accept = 127.0.0.1:8080
# Address of your private personal proxy
connect = 188.***.***.126:443
Lines starting with # are comments provided for explanation; you don't need to insert them in the configuration.
If you want to use multiple proxies, you can link other proxy servers to neighboring ports using similar blocks in the configuration:
# Another service (the name in square brackets is arbitrary but must be unique)
[proxy2]
client = yes
# Set another port
accept = 127.0.0.1:8081
# Address of another private personal proxy
connect = 33.***.***.133:443
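The configuration on this page sets verify = 0, which encrypts the tunnel but does not authenticate the proxy. The following is an added example, not RSocks' own configuration, that puts that setting beside a variant that pins the proxy's certificate. The service names, the 203.0.113.10 address and the assumption that socks.pem holds the proxy's certificate in PEM format are illustrative and do not come from the original page.

```ini
; Added example: service names and addresses are constructed placeholders.
; stunnel does not allow a comment on the same line as an option,
; so every comment sits on its own line.

; Global option: log file, as in the configuration on this page
output = socks.log

; --- As on this page: encrypted but unauthenticated ---
; verify = 0 accepts any certificate. Whoever answers on port 443 along
; the network path can terminate the tunnel and see everything sent
; through it, including the proxy username and password.
[proxy-unverified]
client = yes
; listen on loopback only, so other hosts cannot use the tunnel
accept = 127.0.0.1:8080
; constructed placeholder address (documentation range)
connect = 203.0.113.10:443
verify = 0

; --- Hardened: pin the proxy's certificate ---
; Assumption: socks.pem contains the proxy's own certificate, obtained
; from the provider over a channel you trust.
[proxy-pinned]
client = yes
accept = 127.0.0.1:8081
connect = 203.0.113.10:443
CAfile = socks.pem
; the handshake fails unless the peer presents a certificate found in CAfile
verifyPeer = yes
```

With the pinned service, a certificate mismatch shows up in socks.log as a failed handshake instead of a silently accepted connection.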
The next step is to save the configuration file and reload the configuration:
Configuration → Reload Configuration
This is the end of the setup. Stunnel is up and running!
Configuring the TLS proxy in the browser
After stunnel is configured, the personal proxy servers are linked via an encrypted channel to localhost ports on your computer. Now it is enough to redirect all requests from the browser to those localhost ports to work with the proxy.
To do this, go to the browser proxy settings and specify the localhost IP address and port that were used in the accept parameter of the stunnel configuration.
Save your settings in your browser and get started! Access to private proxy via TLS tunnel is activated!
Authorization when connecting to a personal proxy server works as usual. A window for entering your username and password will appear in the browser, or the proxy server will start working instantly if you selected authorization by the client's IP address.
When the TLS function is configured, the client and proxy work through an encrypted tunnel. It allows you to disguise all traffic as HTTPS packets to avoid blocking even when DPI (deep packet inspection) is used. It makes our proxies an excellent alternative to VPN services for working in networks where OpenVPN traffic is blocked.
Try it yourself and check the high level of privacy and security when working with a TLS proxy!