I agreee proxy servers are still necceessary to protect internal servers…but, I think you can do https from the proxy to an internal (behind firewall) server, so you have:
Outside world->https->Proxy Server->https->Internal IS Server
OR
Outside world->https->Proxy Server->RI->Internal IS Server
but preferably not both (although technically feasible, I think its overkill to have both sceanrios simulatanously.