httpd-users mailing list archives

From "Spil Oss" <spil....@googlemail.com>
Subject Re: [users@httpd] Reverse SSL proxy with NULL cipher on backend?
Date Mon, 18 Sep 2006 12:28:04 GMT
Hi Josh,

When you say "https is hard-coded as the beginning of all URLs" you
mean that that is done in all pages that the webserver generates? In
that case you might just address oapache using http, and in apache2's
config ProxyPass / http://localhost/.

Kind Regards,

Spil
On 18/09/06, Josh Wyatt <Josh.Wyatt@hcssystems.com> wrote:
> Joshua Slive wrote:
> > On 9/16/06, Josh Wyatt <Josh.Wyatt@hcssystems.com> wrote:
> >> I'd like to use NULL authentication, ciphers, etc to reduce the
> >> proxyapache <-> oapache SSL overhead.  How can I configure oapache and
> >> proxyapache to use NULL for authentication, ciphers, etc?
> >
> >
> > I don't know the answer to that.  I suspect it is impossible without
> > modifying the configuration of oapache to accept null ciphers.
> >
> > But in any case, this is silly.  Why not just configure oapache to use
> > ordinary http instead?
> >
> > Joshua.
>
> I agree it's silly that SSL is required.  But it truly is for this application (https is hard-coded as the beginning of all URLs), and it's a COTS application, so we can't change that bit.
>
> Now, I absolutely DO have control over oapache's configuration.  And as I stated in my initial post, I already tried specifying NULL ciphers with.  Quoting my initial post:
>
> 'SSLProxyCipherSuite NULL' on proxyapache, and 'SSLCipherSuite NULL' on oapache.  In oapache's logfiles I get:
>
> [Fri Sep 15 22:00:51 2006] [error] mod_ssl: SSL handshake failed (server oapache:8888, client proxyapache) (OpenSSL library error follows)
> [Fri Sep 15 22:00:51 2006] [error] OpenSSL: error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher [Hint: Too restrictive SSLCipherSuite or using DSA server certificate?]
>
> Any help you can provide would be greatly appreciated.
>
> Thanks,
> Josh
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
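
Added example, not part of the thread and not Apache or OpenSSL project code: a heuristic check a reviewer could run over httpd configuration to find `SSLCipherSuite` / `SSLProxyCipherSuite` values, such as the `NULL` strings quoted above, that turn on suites without encryption or authentication. The function names and the sample configuration are constructed for illustration, and the check is keyword-based; `openssl ciphers -v` remains the authoritative expansion of a cipher string.

```python
import re

DIRECTIVES = {"sslciphersuite", "sslproxyciphersuite"}
# OpenSSL cipher-string keywords for whole classes of suites (NULL is an alias of eNULL).
CLASS = {"NULL": "no-encryption", "ENULL": "no-encryption",
         "COMPLEMENTOFALL": "no-encryption", "ANULL": "no-authentication"}

def classify(cipher_string):
    """Weaknesses a cipher string explicitly enables (heuristic, keyword-based)."""
    enabled, killed = set(), set()
    for token in re.split(r"[:, ]+", cipher_string.strip()):
        op = token[:1] if token[:1] in ("!", "-", "+") else ""
        name = token[len(op):].upper()
        if not name or name.startswith("@"):      # skip @STRENGTH / @SECLEVEL=n
            continue
        if op in ("!", "-"):
            hit = CLASS.get(name)                 # only a class keyword removes a class
            if hit:
                enabled.discard(hit)
                if op == "!":                     # '!' is permanent, '-' is not
                    killed.add(hit)
        elif op == "":                            # a leading '+' only reorders
            for part in name.split("+"):          # '+' inside a token means AND
                named_null = "NULL" in part.split("-")   # e.g. NULL-SHA
                hit = CLASS.get(part) or ("no-encryption" if named_null else None)
                if hit and hit not in killed:
                    enabled.add(hit)
    return enabled

def audit(config_text):
    """Return (line number, directive, weaknesses) for each risky directive."""
    findings = []
    for lineno, line in enumerate(config_text.splitlines(), 1):
        words = line.split()
        if len(words) < 2 or words[0].lower() not in DIRECTIVES:
            continue                              # also skips '#' comment lines
        # Assumption: the cipher string is the last argument and contains no spaces.
        weak = classify(words[-1].strip("\"'"))
        if weak:
            findings.append((lineno, words[0], sorted(weak)))
    return findings

# Constructed sample configuration (not the poster's real files).
SAMPLE = """\
SSLProxyEngine on
SSLProxyCipherSuite NULL
SSLCipherSuite NULL
SSLCipherSuite HIGH:!aNULL:!eNULL
"""

if __name__ == "__main__":
    for lineno, directive, weak in audit(SAMPLE):
        print(f"line {lineno}: {directive} enables {', '.join(weak)}")
```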
