3.7 Secure Tunnel Encapsulation of SSTP Protocol Client Details

Secure Tunnel Encapsulation is layered on a single TCP connection. After the TCP connection is established, the HTTP CONNECT method flows over the connection and is used to negotiate a tunnel connection through the proxy. When the Secure Tunnel connection handshake is complete, the SSTP data stream flows across the Secure Tunnel connection, through the proxy, to the server. The connection is a full-duplex connection. SSTP commands and data from the client to the server flow in their SSTP format using TCP as a transport.

A Secure Tunnel connection is negotiated between the client and the proxy. The server is not involved in the proxy negotiation. Direct connections between a client and server do not perform the Secure Tunnel handshake. Instead, direct connections send and receive the SSTP data stream over a TCP connection, just as they do for SSTP over 2492/TCP. The only difference is that the target port is 443/TCP with no SSL handshake (see [SSL3], section 5.5) or protocol (see [SSL3]).
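The following added example is not part of the specification. It shows how a network monitor could sort the first client bytes of a stream into the three cases this section implies: an SSL/TLS handshake, an HTTP CONNECT request to a proxy, or a raw stream with neither (what a direct connection to 443/TCP with no SSL handshake looks like). The function names, flow labels, host name and sample bytes are constructed for illustration; the opaque sample is a placeholder, not real SSTP data, and IPv6 literals in the CONNECT target are not handled.

```python
import re

# Request line of an HTTP CONNECT: "CONNECT host:port HTTP/1.x"
CONNECT_RE = re.compile(rb"^CONNECT ([^\s:]+):(\d{1,5}) HTTP/1\.[01]\r?\n")


def classify_first_bytes(data: bytes) -> dict:
    """Classify the first client-to-server bytes of a TCP stream."""
    if not data:
        return {"kind": "empty"}
    # SSL 3.0 / TLS record header: content type 0x16 (handshake), major
    # version 0x03; the handshake message type at offset 5 is 0x01 (ClientHello).
    if len(data) >= 6 and data[0] == 0x16 and data[1] == 0x03 and data[5] == 0x01:
        return {"kind": "tls-handshake"}
    m = CONNECT_RE.match(data)
    if m and int(m.group(2)) <= 65535:
        return {"kind": "http-connect",
                "host": m.group(1).decode("ascii", "replace"),
                "port": int(m.group(2))}
    # Neither TLS nor CONNECT: consistent with a direct, non-SSL stream,
    # but not proof of any particular protocol.
    return {"kind": "non-tls-raw"}


def triage(flows):
    """Return (flow_id, kind) for streams that did not open with TLS."""
    findings = []
    for flow_id, first_bytes in flows:
        kind = classify_first_bytes(first_bytes)["kind"]
        if kind != "tls-handshake":
            findings.append((flow_id, kind))
    return findings


# Constructed sample input (not captured traffic).
SAMPLE_FLOWS = [
    ("flow-a", bytes.fromhex("160301002f0100002b0303")),          # TLS ClientHello prefix
    ("flow-b", b"CONNECT relay.example.test:443 HTTP/1.1\r\n"
               b"Host: relay.example.test:443\r\n\r\n"),          # proxy negotiation
    ("flow-c", b"\x00\x01\x02constructed-opaque-bytes"),          # placeholder raw stream
]

if __name__ == "__main__":
    for flow_id, kind in triage(SAMPLE_FLOWS):
        print(flow_id, kind)
```

Because the server is not involved in the proxy negotiation, a sensor in front of the server would see only the raw case on 443/TCP, while a sensor in front of the proxy would see the CONNECT case.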