Tuesday, September 25, 2007

Success

It's nothing special, but it works here. I'm actually writing this from work! It's much slower than normal browsing. Could be a few things. My server might be slow (yah it prob is, it's cheap!) and every little HTTP connection turns into an encrypted HTTPS tunnel with key exchanges and encryption for the smallest of files... That's where I'd assume most of the overhead is. A single connection which stays open and tunnels traffic may do better -- PuTTY/ssh does that very nicely. But do I want to run SSH which is encrypted (but optionally compressed!) underneath an SSL tunnel? Twice encrypted, that takes some CPU cycles, but I believe keeping 1 connection and not having to do the handshakes every time, plus a bit of compression...

Workstation -> stunnel client -> Firewall -> stunnel server -> tinyproxy -> sshd

Wow. It's so easy if it's just ssh, cut out stunnel and tinyproxy. Why does SSH have to not work over this dern proxy? I wish they had used a protocol which looked more like a real HTTPS connection. I already use it on port 443 on my secondary IP for such occasions! :) I seriously think it's just because the server talks first... I could hack PuTTY (sources are available) and my sshd, but what'd that really help me achieve? SPEED! Incompatibilities... :D

Monday, September 24, 2007

HTTP proxies...

They're used so you don't visit sites you're not supposed to. It's really easy with all the CGI proxies out there to get around them, but they aren't 100% functional. SSH over HTTP proxy usually works, but this time for me it did not. I suppose it was because an SSH server starts the connection with a version identifier, and the HTTP proxy did not like that. I will be testing out this stunnel/tinyproxy configuration. It'd be doubly encrypted, but I could in turn use that to connect to my SSH server if a success. Attached you'll find the files.
The config files are all unchanged from my tests, so you'll have information about my server, but my stunnel server has been set up to check client certificates. I included my client cert and private key, but it's passworded, and if cracked and abused I can easily change the certs allowed on the server! The tinyproxy backend only allows connections from localhost. That makes it pretty closed to all those random foreign hackers that always seem to probe the entire internet for open proxies.
So anyway... Hopefully it seems more authentic to my corporate HTTP proxy. It would be a nice addition to Portable Firefox. Making those weekends stuck on duty seem almost like I'm surfing from home... :)
Edit: on second thought, I won't post the file here. It's all available on stunnel.org, and I can just use a diskette to allow friends the option of testing it out.
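The "server talks first" behaviour that both posts above blame for the proxy rejection (an SSH server pushes its RFC 4253 identification string the moment the TCP connection is up, while an HTTPS server sits silent until the client sends a ClientHello) is exactly what a CONNECT proxy can key on. Here is an added illustration, not the author's code or config: two mock local servers and a probe that, like a proxy, connects and waits without sending anything to see whether the far end speaks unprompted. The banner text and timeouts are constructed for the demo.

```python
import socket
import threading

# Constructed sample banner (not from the post); RFC 4253 identification string format.
SSH_BANNER = b"SSH-2.0-example_server\r\n"
WAIT_SECONDS = 0.5


def serve_once(sock, speak_first):
    """Accept one connection. An SSH-like server sends its banner immediately;
    an HTTPS-like server stays silent until the client sends something."""
    conn, _ = sock.accept()
    with conn:
        if speak_first:
            conn.sendall(SSH_BANNER)
        else:
            conn.settimeout(WAIT_SECONDS * 4)
            try:
                conn.recv(1024)  # wait for the client to talk first
            except socket.timeout:
                pass


def start_mock_server(speak_first):
    """Bind an ephemeral localhost port and serve one connection in a thread."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    threading.Thread(target=serve_once, args=(srv, speak_first), daemon=True).start()
    return srv.getsockname()[1]


def classify_tunnel(port):
    """Connect the way a proxy does after CONNECT, then wait without sending.
    Returns 'ssh' if the server pushes an SSH identification string unprompted,
    'silent' if it waits for the client (HTTPS-like), 'other' for any other
    unsolicited data."""
    with socket.create_connection(("127.0.0.1", port)) as c:
        c.settimeout(WAIT_SECONDS)
        try:
            data = c.recv(255)
        except socket.timeout:
            return "silent"
    if data.startswith(b"SSH-"):
        return "ssh"
    return "other"


if __name__ == "__main__":
    print(classify_tunnel(start_mock_server(True)))   # ssh
    print(classify_tunnel(start_mock_server(False)))  # silent
```

Wrapping sshd in stunnel moves the first bytes to the client side (the TLS ClientHello), which is why the tunnel passes where bare SSH did not.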

Monday, September 10, 2007

first post.

yeah, just ditching the old blog. nothing here. never was really, and probably never will be.