httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Axel-Stephane SMORGRAV" <Axel-Stephane.SMORG...@europe.adp.com>
Subject RE: [users@httpd] Can Apache Proxy server to proxy the HTTP requests to the backend HTTPS/SSL server?
Date Thu, 31 Jan 2008 09:19:37 GMT
You need

SSLProxyCipherSuite  NULL-SHA

You also need to make sure that your backend server is configured to accept NULL ciphers.

-ascs
 
-----Message d'origine-----
De : Qingshan Xie [mailto:xieq_49@yahoo.com] 
Envoyé : jeudi 31 janvier 2008 01:37
À : Krist van Besien; users@httpd.apache.org
Objet : Re: [users@httpd] Can Apache Proxy server to proxy the HTTP requests to the backend
HTTPS/SSL server?

Krist,   Thanks for your suggestion.  I did the test by the below configuration,
        SSLCipherSuite  NULL-SHA

but got 500 error in broswer, the error_log has the following errors:
[Wed Jan 30 15:11:55 2008] [debug] ssl_engine_kernel.c(1768): OpenSSL: Exit: error in SSLv3
read client h ello B [Wed Jan 30 15:11:55 2008] [info] SSL library error 1 in handshake (server
qixie-lnx.cisco.com:443, clien t 171.71.84.41) [Wed Jan 30 15:11:55 2008] [info] SSL Library
Error: 336109761 error:1408A0C1:SSL routines:SSL3_GET_CLIEN T_HELLO:no shared cipher Too restrictive
SSLCipherSuite or using DSA server certificate?
[Wed Jan 30 15:11:55 2008] [info] Connection to child 64 closed with abortive shutdown(server
qixie-lnx.c isco.com:443, client 171.71.84.41)

Seems the ciphersuite NULL-SHA caused the ssl-handshake failure.  Any idea to fix it?

Many Thanks,
Q.Xie

----- Original Message ----
From: Krist van Besien <krist.vanbesien@gmail.com>
To: users@httpd.apache.org
Sent: Friday, January 25, 2008 1:18:54 AM
Subject: Re: [users@httpd] Can Apache Proxy server to proxy the HTTP requests to the backend
HTTPS/SSL server?


On
Jan
25,
2008
12:22
AM,
Qingshan
Xie
<xieq_49@yahoo.com>
wrote:
> 
Dear
Friends,
>
>  
  
We
configured
a
HTTPS
proxy
server
successfully
to
server
the
HTTPS
requests.  
However,
we
also
want
to
configure
a
HTTP
proxy
server
to
handle
the
HTTP
requests
but
proxy
the
HTTP
requests
to
the
backend
SSL(or
HTTPS)
server.  
The
request
flow
is
as
below,
>
> 
HTTP
request
==>
proxy
server
==>
HTTPS(
or
SSL)
server?
>
> 
Can
Apache
proxy
do
it?  
Please
help.

Apache
can
do
this.

Read
the
info
in
the
manual
on
the
following
directives:
SSLProxyEngine
SSLProxyCACertificatePath



Krist



--
krist.vanbesien@gmail.com
krist@vanbesien.org
Bremgarten
b. 
Bern,
Switzerland
--
A: 
It
reverses
the
normal
flow
of
conversation.
Q: 
What's
wrong
with
top-posting?
A: 
Top-posting.
Q: 
What's
the
biggest
scourge
on
plain
text
email
discussions?

---------------------------------------------------------------------
The
official
User-To-User
support
forum
of
the
Apache
HTTP
Server
Project.
See
<URL:http://httpd.apache.org/userslist.html>
for
more
info.
To
unsubscribe,
e-mail: 
users-unsubscribe@httpd.apache.org
  
 
"  
 
from
the
digest: 
users-digest-unsubscribe@httpd.apache.org
For
additional
commands,
e-mail: 
users-help@httpd.apache.org






      ____________________________________________________________________________________
Be a better friend, newshound, and
know-it-all with Yahoo! Mobile.  Try it now.  http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message