I know if a HTTP server support CONNECT method, it could create a TCP tunnel, then we can use all protocols based on TCP.

Here is my confusion, is HTTPS proxy means a HTTP proxy support CONNECT method or a HTTP proxy over SSL?

Here is my confusion, is HTTPS proxy means a HTTP proxy support CONNECT method or a HTTP proxy over SSL?

I think the exact meaning depends on the context. I read almost all related posts and notice that most people see "HTTPS proxy" as HTTP proxy that supports CONNECT method. And Many of them mistakenly think that there's no such thing as connecting to a proxy a server over SSL. While some others take "HTTPS proxy" as a Man-in-the-middle attack type of proxy server.

But the way connecting to a HTTP proxy server over SSL does exist. Check my question and answer here HTTPs proxy server only works in SwitchOmega , you can deploy one by yourself with tens of lines of code.

While proxy servers are usually accessed through http (meaning HTTPS_PROXY would reference an HTTP URL), note that curl 7.52+ (Dec. 2016) does support HTTPS proxy and SOCKS+HTTP(s).

That means you can also an HTTPS_PROXY referencing an https URL for a proxy.

Git 2.16 (Q1 2018) acknowledges that with commit 82b6803 (19 Dec 2017) by Wei Shuyu (``).
^{(Merged by Junio C Hamano -- gitster -- in commit fc4a226, 28 Dec 2017)}

Git has been taught to support an https:// URL used for http.proxy when using recent versions of libcurl.

http: support CURLPROXY_HTTPS

HTTP proxy over SSL is supported by curl since 7.52.0.
This is very useful for networks with protocol whitelist.

With Git 2.27 (Q2 2020), a handful of options to configure SSL when talking to proxies have been added.

See commit af02651, commit 88238e0 (04 Mar 2020) by Jorge Lopez Silva (jalopezsilva).
^{(Merged by Junio C Hamano -- gitster -- in commit aaa6255, 25 Mar 2020)}

http: add client cert support for HTTPS proxies

^{Signed-off-by: Jorge Lopez Silva}

Git supports performing connections to HTTPS proxies, but we don't support doing mutual authentication with them (through TLS).

Add the necessary options to be able to send a client certificate to the HTTPS proxy.

A client certificate can provide an alternative way of authentication instead of using 'ProxyAuthorization' or other more common methods of authentication.

Libcurl supports this functionality already, so changes are somewhat minimal.
The feature is guarded by the first available libcurl version that supports these options.

4 configuration options are added and documented, cert, key, cert password protected and CA info. The CA info should be used to specify a different CA path to validate the HTTPS proxy cert.

The Documentation/config/http.txt now includes:

http.proxySSLCert:

The pathname of a file that stores a client certificate to use to authenticate with an HTTPS proxy.

http.proxySSLKey:

The pathname of a file that stores a private key to use to authenticate with an HTTPS proxy.

http.proxySSLCertPasswordProtected:

Enable Git's password prompt for the proxy SSL certificate.
Otherwise OpenSSL will prompt the user, possibly many times, if the certificate or private key is encrypted.

http.proxySSLCAInfo:

Pathname to the file containing the certificate bundle that should be used to verify the proxy with when using an HTTPS proxy.

Proxy server handles HTTPS requests from clients is always called HTTPS proxy server. It's similar with HTTP proxy server, the only difference is the protocols they focus on. No matter HTTP or HTTPS proxy server, they both can carry out caching of information downloaded from the Internet.

More on Brief Introduction on HTTPS Proxy Server