httpd-users mailing list archives

From Josh Wyatt
Subject Re: [users@httpd] Reverse SSL proxy with NULL cipher on backend?
Date Sun, 17 Sep 2006 23:49:20 GMT
Joshua Slive wrote:
> On 9/16/06, Josh Wyatt wrote:
>> I'd like to use NULL authentication, ciphers, etc to reduce the 
>> proxyapache <-> oapache SSL overhead.  How can I configure oapache and 
>> proxyapache to use NULL for authentication, ciphers, etc?
> I don't know the answer to that.  I suspect it is impossible without
> modifying the configuration of oapache to accept null ciphers.
> But in any case, this is silly.  Why not just configure oapache to use
> ordinary http instead?
> Joshua.

I agree it's silly that SSL is required.  But it truly is for this application (https is hard-coded
as the beginning of all URLs), and it's a COTS application, so we can't change that bit.

Now, I absolutely DO have control over oapache's configuration.  And as I stated in my initial
post, I already tried specifying NULL ciphers with.  Quoting my initial post:

'SSLProxyCipherSuite NULL' on proxyapache, and 'SSLCipherSuite NULL' on oapache.  In oapache's
logfiles I get:

[Fri Sep 15 22:00:51 2006] [error] mod_ssl: SSL handshake failed (server oapache:8888, client proxyapache) (OpenSSL library error follows)
[Fri Sep 15 22:00:51 2006] [error] OpenSSL: error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher [Hint: Too restrictive SSLCipherSuite or using DSA server certificate?]

Any help you can provide would be greatly appreciated.
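
Added example, not part of the original message or of Apache httpd: a small audit that scans configuration text for the two directives quoted above and reports cipher strings that leave no-encryption (eNULL) suites enabled, following OpenSSL cipher-string syntax (`!`, `-`, `+` prefixes and the `NULL`/`eNULL`/`COMPLEMENTOFALL` aliases). The function names and the sample configuration are constructed for illustration, and the check covers encryption only, not authentication (aNULL).

```python
import re

# Directives named in the thread, and the OpenSSL aliases for no-encryption (eNULL) suites.
DIRECTIVES = {"sslciphersuite", "sslproxyciphersuite"}
NULL_ALIASES = {"NULL", "ENULL", "COMPLEMENTOFALL"}

def is_null_encryption(name):
    """True if an upper-cased term is an eNULL alias (alone or in a "+" combination)
    or an individual suite name such as NULL-SHA or ECDHE-RSA-NULL-SHA."""
    return (any(p in NULL_ALIASES for p in name.split("+"))
            or name.startswith("NULL-") or "-NULL-" in name)

def null_encryption_terms(spec):
    """Return the terms of a cipher string that leave eNULL suites enabled."""
    enabled, banned = [], set()
    for term in filter(None, re.split(r"[:, ]+", spec.strip())):
        op = term[0] if term[0] in "!-+" else ""
        name = term[len(op):].upper()
        if op == "+" or not is_null_encryption(name):
            continue  # a leading "+" only reorders suites already selected
        if op:  # "-" removes; "!" removes and blocks any later re-add
            whole_class = name in NULL_ALIASES
            enabled = [e for e in enabled if not whole_class and e != name]
            if op == "!":
                banned.add(name)
        elif name not in banned and not (banned & NULL_ALIASES):
            enabled.append(name)
    return enabled

def audit_config(text):
    """Return (line number, directive, offending terms) for each risky directive."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        parts = raw.strip().split(None, 1)
        if len(parts) == 2 and parts[0].lower() in DIRECTIVES:
            terms = null_encryption_terms(parts[1].strip("\"' "))
            if terms:
                findings.append((lineno, parts[0], terms))
    return findings

# Constructed sample: the proxy and backend directives from the message, then two other lines.
SAMPLE = """\
SSLProxyCipherSuite NULL
SSLCipherSuite NULL
# SSLCipherSuite eNULL   (commented out, so ignored)
SSLCipherSuite HIGH:!aNULL:!eNULL
"""

for lineno, directive, terms in audit_config(SAMPLE):
    print(f"line {lineno}: {directive} enables unencrypted suites via {terms}")
```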


The official User-To-User support forum of the Apache HTTP Server Project.