httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject DO NOT REPLY [Bug 29744] CONNECT does not work over existing SSL connection
Date Wed, 05 Mar 2008 16:03:07 GMT

Sudhaker <> changed:

           What    |Removed                     |Added
                 CC|                            |
           Priority|P3                          |P2

--- Comment #56 from Sudhaker <>  2008-03-05 08:03:06 ---

We can possibly fork this effort and someone can publish various pre-compiled
and patched "". This can take away the pain of individually
re-compiling the module ;-)

Last night I compiled "mod_proxy_connect" for 2.2.3 using patch given at (had to fix
httpd-2.2.3 that comes with CentOS5). It worked great after I replace the
original "" with this patched one :-)

I use Stunnel at client-end to theoretically abstracts me from underlying SSL
connections and get a normal local http-proxy at localhost:8080 which bridges
to apache running at my home machine (over SSL). FYI, my <Proxy> settings are
inside SSL VirtualHost and it is not exposed without encryption.

This technique works great for ssh-over-connect with dynamic-forward enabled at
port 1080. Then I can then set socks-proxy to localhost:1080 in any application
and it works.

Other use-case is when I configure my applications to use http-proxy at
localhost:8080 ; This is where things get complicated and I see
"SSL3_GET_RECORD:bad decompression" in my stunnel log file. Setting "sslVersion
 = TLSv1" in my "stunnel.conf" eventually fixes it (not tested
comprehensively). Guess there are some combinations of protocols which breaks
even with this patch.

Followings are possible combinations we may need to test 

Plain-over-SSLv2, SSLv2-over-SSLv2, SSLv3-over-SSLv2, TSLv1-over-SSLv2
Plain-over-SSLv3, SSLv2-over-SSLv3, SSLv3-over-SSLv3, TSLv1-over-SSLv3
Plain-over-TSLv1, SSLv2-over-TSLv1, SSLv3-over-TSLv1, TSLv1-over-TSLv1

Question for SSL expert:- Are there any technical challenges in implementing


Configure bugmail:
------- You are receiving this mail because: -------
You are the assignee for the bug.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message