For proxying connections embedded in SSL, a properly configured proxy for the embedded protocol is required — the best way is to derive an own proxy class and modify its parameters, but you can use a built-in proxy (for example, the HttpProxy for HTTPS traffic) if its default behavior is acceptable for you. The SSL-framework validates the certificate of the server, decrypts the secure channel, then passes the data to the proxy. To transfer traffic that does not have a native proxy, or to inspect only the SSL connection without analyzing the embedded protocol, use PlugProxy.

For details on deriving and modifying proxies, see Section 6.6, Proxy classes in Proxedo Network Security Suite 1.0 Administrator Guide.

The following procedure describes how to configure Application-level Gateway proxies to handle SSL/TLS connections. For the configuration examples, an Http proxy will be used to inspect HTTPS connections — you can use other proxies similarly to inspect IMAPS, POP3S, and other types of traffic.