4.1 HTTPS Layer Establishment

During initialization, the SSTP server configures both the server certificate to use and the URL in which it is interested. This URL will be a well-known URL between the client and the server. The server can also support HTTP to allow SSL/TLS terminating edge devices.<17> These devices terminate the SSL/TLS connection coming from the client, validate the URL, and establish the HTTP connection to the actual web server behind it.

The request sent to the SSTP server uses the HTTP verb SSTP_DUPLEX_POST with content length encoding.

The request sent is as follows:


  • URI: /sra_{BA195980-CD49-458b-9E23-C84EE0ADCD75}/

  • Protocol Version: HTTP/1.1

  • Content-Length: 18446744073709551615 (ULONGLONG_MAX)

  • Host: <Server Name>


As a part of setting up a bidirectional session with HTTPS, when the HTTP request is being sent, no entity body message will be sent to the far end. Instead, the client initiates a timer (for 60 seconds) and sends out the request to the server. A response is expected within 60 seconds. The server will be listening for the URI /sra_{BA195980-CD49-458b-9E23-C84EE0ADCD75}/. The SSTP server, on receiving the request, validates the method to be SSTP_DUPLEX_POST and the HTTP version to be 1.1. If this succeeds, and there are sufficient ports on the server to accept the new connection, then the server sends back an HTTP_STATUS_OK message to the client. Otherwise, the server fails the request by sending an HTTP error code containing indication this is to be the last data being sent over the connection.

The response sent is as follows.

 Protocol Version: HTTP/1.1
 Status code: 200
 Content-Length: 18446744073709551615
 Server: Microsoft-HTTPAPI/2.0
 Date: Thu, 09 Nov 2006 00:51:09 GMT