httpd-users mailing list archives

From "Emmanuel E" <>
Subject Re: [users@httpd] How to encrypt traffic between client and apache proxy server
Date Thu, 24 Apr 2008 17:15:14 GMT
check out

and use the patch available there.

It's a pity that this patch still won't make it to the main tree...
  ----- Original Message ----- 
  From: Stephen Hu 
  Sent: Thursday, April 24, 2008 8:44 PM
  Subject: [users@httpd] How to encrypt traffic between client and apache proxy server


       I was trying to set up a forward proxy solution with Apache, but via port 443 (SSL) rather
than just via 80. So I hope it should work as in the following diagram:


  Client(IP1:Random)     (IP2:443)Apache(IP2:Random) (IP3:443)Web Server
  1  |--------SSL Hand Shake-----(443)|
  2  |-CONNECT IP3:443 HTTP/1.1->(443)|
  3                                   |----TCP hand shake---(443)|
  4  |<-HTTP/1.0 200 Established-(443)|
  6  |----------------------SSL Hand Shake------------------(443)|
  7  |------GET / HTTP/1.1------>(443)|----GET / HTTP/1.1-->(443)|
  8  |<------------HTML----------(443)|<---------HTML-------(443)|


       So I configured my Apache server like this:

  <VirtualHost _default_:443>
  # SSLEngine on is not shown in the original excerpt; it is assumed here,
  # since the test below describes a TLS handshake with this vhost.
  SSLEngine on
  ProxyRequests On
  <Proxy *>
      Order deny,allow
      Allow from all
  </Proxy>
  </VirtualHost>



       I did the following test. It looks like Apache works: after the SSL handshake, I sent
"CONNECT IP3:443 HTTP/1.1" to the Apache proxy (encrypted); Apache decrypted the CONNECT instruction
correctly, tried to connect to IP3 and returned "HTTP/1.0 200 Connection Established..", BUT
the only problem is Apache returned the HTTP/1.0 200 in PLAIN TEXT, so my client doesn't understand
it and stops. Here is the test log:


  1. Connect to proxy:

  openssl s_client -connect IP2:443 -state -debug

  SSL handshake has read 1361 bytes and written 340 bytes

  New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
  Server public key is 1024 bit
  Compression: NONE
  Expansion: NONE
      Protocol  : TLSv1
      Cipher    : DHE-RSA-AES256-SHA
      Session-ID: FC2A51765458493165B386D05A1DAF2CEAE4C762078D534ADD862E1802381486
      Master-Key: 695B9E094F07F7ECD0B73EC8E0FC0A441B8A96C41CE2B85E771C85DC5AADC5BBB41F1DDA7F387D62B0C808A6411BFDB6
      Key-Arg   : None
      Krb5 Principal: None
      Start Time: 1209048482
      Timeout   : 300 (sec)
      Verify return code: 18 (self signed certificate)



  2. I sent the CONNECT instruction:


  SSL3 alert write:fatal:protocol version
  32713:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:s3_pkt.c:288:
  SSL3 alert write:warning:close notify


       I traced on the proxy server; actually, it returned "HTTP/1.0 200 Connection Established.."
in PLAIN TEXT, which caused this problem.


  Very Best Regards!
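An added example, not code from either message in this thread, that shows the failure Stephen describes from the client's side. After CONNECT has been sent inside the TLS session, the client reads the next bytes from the raw socket: a proxy that answers through its TLS output layer produces a TLS record, while a proxy that writes the "200 Connection Established" line to the bare socket leaks plaintext. The script classifies those bytes and also shows why OpenSSL's record parser reports "wrong version number": the bytes "TT" of "HTTP/..." land where the 16-bit record version belongs. The sample byte strings are constructed; the record-length bound and the "3.x" version check are assumptions about TLS 1.0-1.2 framing, and the Host header in the CONNECT request is what HTTP/1.1 requires rather than something the thread shows.

```python
"""Classify what a client reads back from an HTTPS forward proxy right after
sending CONNECT inside the TLS session: a TLS record (correct) or a leaked
plaintext HTTP status line (the behaviour reported in this thread)."""

TLS_CONTENT_TYPES = {
    20: "change_cipher_spec",
    21: "alert",
    22: "handshake",
    23: "application_data",
}
# Assumption (TLS 1.0-1.2 framing): 2^14 bytes of plaintext plus 2048 bytes of
# compression/MAC/padding overhead is the largest record a peer may send.
MAX_RECORD_LEN = 2 ** 14 + 2048


def build_connect_request(host: str, port: int) -> bytes:
    """The CONNECT request as sent in the thread, plus the Host header that
    HTTP/1.1 requires.  It travels *inside* the TLS session to the proxy."""
    target = f"{host}:{port}"
    return (f"CONNECT {target} HTTP/1.1\r\n"
            f"Host: {target}\r\n\r\n").encode("ascii")


def parse_tls_record_header(data: bytes):
    """Decode a 5-byte TLS record header; None if the bytes do not look like one."""
    if len(data) < 5:
        return None
    ctype, major, minor = data[0], data[1], data[2]
    length = int.from_bytes(data[3:5], "big")
    if (ctype not in TLS_CONTENT_TYPES or major != 3 or minor > 4
            or length > MAX_RECORD_LEN):
        return None
    return {
        "content_type": TLS_CONTENT_TYPES[ctype],
        "version": f"{major}.{minor}",
        "length": length,
    }


def misread_as_tls_version(data: bytes) -> int:
    """The value a TLS record parser takes as the protocol version (bytes 1-2).
    For a leaked 'HTTP/...' line that is 'TT' = 0x5454, which is why s_client
    aborts with SSL3_GET_RECORD: wrong version number."""
    return int.from_bytes(data[1:3], "big")


def classify_proxy_reply(data: bytes):
    """Return (kind, detail) for the first bytes read from the raw socket."""
    header = parse_tls_record_header(data)
    if header is not None:
        return "tls", header
    if data.startswith(b"HTTP/"):
        status_line = data.split(b"\r\n", 1)[0].decode("ascii", "replace")
        return "plaintext-http", status_line
    return "unknown", None


if __name__ == "__main__":
    # Constructed samples: the bytes the misbehaving proxy in the thread emits,
    # and an application_data record (payload is an opaque ciphertext placeholder)
    # as a proxy writing through its TLS layer would emit.
    leaked = b"HTTP/1.0 200 Connection Established\r\n\r\n"
    wrapped = b"\x17\x03\x01\x00\x28" + bytes(40)
    print(build_connect_request("IP3", 443))
    for sample in (leaked, wrapped):
        print(classify_proxy_reply(sample))
    print(hex(misread_as_tls_version(leaked)))  # prints 0x5454
```

In a real check, `data` would be whatever `socket.recv()` returns on the TCP socket to the proxy after the CONNECT has been written through the TLS object; anything that classifies as `plaintext-http` there means the proxy bypassed its TLS output layer, exactly the trace Stephen saw on the server side.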
