I want to make Chrome use SSL for all outgoing requests to a proxy (which I control). The proxy can accept a plain HTTPS connection (as a transparent proxy), and it also supports a non-encrypted HTTP connection inside which the client can do HTTP CONNECT and then negotiate SSL.
However, Chrome only uses HTTP CONNECT for https URLs. When I open an http URL, Chrome sends an HTTP GET to the proxy instead of HTTP CONNECT. This happens even if I use a PAC script that returns "HTTPS host:port" for both http and https URLs. And I can't make Chrome use ordinary HTTPS at all when connecting to the proxy.
My goal is to protect the traffic between the browser and the proxy from passive network listeners, including hiding any proxy authentication tokens passed in HTTP headers. How can I accomplish this?