httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christian Folini <>
Subject Re: Allow SSLProxy* config in <Proxy> context?
Date Thu, 14 Apr 2016 04:54:45 GMT

There is a commercial apache-based reverse proxy in Switzerland 
(with substantial market share) which is able to use / create
a client certificate _per_ session.

So the client connects to the RP, performs authentication. When
creating the session serverside, the RP creates a client cert and
fills it with information received from the client and binds this
cert to the session. Then it connects to the backend and uses this
dynamic client cert in the handshake.

I realise this is way beyond what Apache is capable of doing. But
when looking into the limitations of SSLProxy..., one might consider
an architecture, that would allow this. Maybe not immediately, but
sometime down the road.



Seek simplicity, and distrust it.
-- Alfred North Whitehead

View raw message