Description
Aleph's HTTP client has proxy support (via proxy-options) but it doesn't support HTTPS connections towards the proxy server, i.e. the initial CONNECT request is always sent in plain. Note that connecting to destination hosts via HTTPS is still possible this way. However, it would still be good to also support a secure client <-> proxy connection for defense in depth purposes or for using proxies in an untrusted network environment.
Implementation-wise, this would probably entail adding an optional ssl-context key to proxy-options and then adding a second SslHandler to the pipeline before the proxy handlers. As a consequence, we might have to fix some of the existing code expecting only one SslHandler to be present in the channel pipeline. See netty/netty#11418 for somebody running into that very situation.
See also this discussion.
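
The handler ordering proposed above, sketched with plain Netty interop as an added example (not Aleph's code and not taken from the issue). The option keys, handler names and function names are assumptions made up for this sketch; it also shows why a lookup by handler type becomes ambiguous once two SslHandlers share a pipeline.

```clojure
(ns example.tls-proxy-pipeline
  (:import (io.netty.channel Channel ChannelHandler ChannelPipeline)
           (io.netty.handler.proxy HttpProxyHandler)
           (io.netty.handler.ssl SslContext SslHandler)
           (java.net InetSocketAddress)))

;; Handler names are assumptions for this sketch, not the names Aleph uses.
(def ^String proxy-ssl-name "proxy-ssl-handler")
(def ^String proxy-name     "proxy-handler")
(def ^String dest-ssl-name  "destination-ssl-handler")

(defn- new-ssl-handler
  "Client-side SslHandler for host:port with hostname verification enabled."
  ^SslHandler [^SslContext ssl-ctx ^Channel ch ^String host port]
  (let [^SslHandler h (.newHandler ssl-ctx (.alloc ch) host (int port))
        engine        (.engine h)
        params        (.getSSLParameters engine)]
    ;; Verify the certificate against the peer host, for the proxy as well.
    (.setEndpointIdentificationAlgorithm params "HTTPS")
    (.setSSLParameters engine params)
    h))

(defn install-tls-proxy-handlers!
  "Outbound data flows from the tail towards the head, so the handler added
   first is the outermost layer on the wire:
     1. proxy-ssl  : TLS to the proxy, so CONNECT is no longer sent in plain
     2. proxy      : sends CONNECT for the address given to Bootstrap.connect
     3. dest-ssl   : end-to-end TLS to the destination, inside the tunnel
   The keys of the options map are hypothetical."
  [^Channel ch {:keys [proxy-host proxy-port proxy-ssl-context
                       dest-host dest-port dest-ssl-context]}]
  (let [^ChannelPipeline p (.pipeline ch)
        proxy-addr (InetSocketAddress. ^String proxy-host (int proxy-port))]
    (.addLast p proxy-ssl-name
              ^ChannelHandler (new-ssl-handler proxy-ssl-context ch proxy-host proxy-port))
    (.addLast p proxy-name ^ChannelHandler (HttpProxyHandler. proxy-addr))
    (.addLast p dest-ssl-name
              ^ChannelHandler (new-ssl-handler dest-ssl-context ch dest-host dest-port))
    p))

(defn first-ssl-handler
  "Lookup by type returns the first match from the head of the pipeline.
   With the layout above that is the proxy's TLS layer, so code reading the
   TLS session or peer certificate from it sees the proxy, not the destination."
  [^Channel ch]
  (.get (.pipeline ch) SslHandler))

(defn destination-ssl-handler
  "Lookup by name stays unambiguous with two SslHandlers installed."
  ^SslHandler [^Channel ch]
  (.get (.pipeline ch) dest-ssl-name))
```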