httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Josh Wyatt <Josh.Wy...@hcssystems.com>
Subject Re: [users@httpd] Reverse SSL proxy with NULL cipher on backend?
Date Sun, 17 Sep 2006 23:49:20 GMT
Joshua Slive wrote:
> On 9/16/06, Josh Wyatt <Josh.Wyatt@hcssystems.com> wrote:
>> I'd like to use NULL authentication, ciphers, etc to reduce the 
>> proxyapache <-> oapache SSL overhead.  How can I configure oapache and 
>> proxyapache to use NULL for authentication, ciphers, etc?
> 
> 
> I don't know the answer to that.  I suspect it is impossible without
> modifying the configuratio n of oapache to accept null ciphers.
> 
> But in any case, this is silly.  Why no just configure oapache to use
> ordinary http instead?
> 
> Joshua.

I agree it's silly that SSL is required.  But it truly is for this application (https is hard-coded
as the beginning of all URLs), and it's a COTS application, so we can't change that bit.

Now, I absolutely DO have control over oapache's configuration.  And as I stated in my initial
post, I already tried specifying NULL ciphers with.  Quoting my initial post:

'SSLProxyCipherSuite NULL' on proxyapache, and 'SSLCipherSuite NULL' on oapache.  In oapache's
logfiles I get:

[Fri Sep 15 22:00:51 2006] [error] mod_ssl: SSL handshake failed (server oapache:8888, client
proxyapache) (OpenSSL library error follows)
[Fri Sep 15 22:00:51 2006] [error] OpenSSL: error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no
shared cipher [Hint: Too restrictive SSLCipherSuite or using DSA server certificate?] 

Any help you can provide would be greatly appreciated.

Thanks,
Josh


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message