httpd-users mailing list archives

From Eric Covener <cove...@gmail.com>
Subject Re: [users@httpd] Re: Apache Reverse Proxy with SSL mutual Auth
Date Mon, 11 Mar 2013 12:55:27 GMT
If you change the ssl config per location, there is an ssl renegotiation.
On Mar 11, 2013 8:54 AM, "chima s" <chima.s@gmail.com> wrote:

> Hi All,
>
> I found 2 “Change Cipher Spec”, only when I am using the "Location"
> tag. I am using the "Location" tag as I don't want SSL Mutual
> authentication for all the URLs.
>
> Why am I getting 2 “Change Cipher Spec” when I am using the "Location" tag?
>
> Regards
> Chima
>
> On Mon, Mar 11, 2013 at 2:45 PM, chima s <chima.s@gmail.com> wrote:
> > Hi
> >
> > We are using Apache as a reverse proxy and Tomcat as the backend.
> >
> > In Apache we are terminating the SSL connection and also enabled the
> > client authentication.
> >
> > We are using soapui to test the connectivity and wireshark to check
> > the SSL handshake.
> >
> > Below is the Wireshark flow dump. I noticed 2 “Change Cipher Spec”
> > messages (2903 and 2999).  Why are there 2 “Change Cipher Spec” and is
> > this normal?
> >
> > No.     Time        Source                Destination
> > Protocol Length Info
> >    2811 3.440639    172.168.78.64         10.250.250.188         TCP
> >    74     36556 > https [SYN, ECN, CWR] Seq=0 Win=5840 Len=0 MSS=1460
> > SACK_PERM=1 TSval=3497146518 TSecr=0 WS=256
> >    2843 3.457441    10.250.250.188         172.168.78.64         TCP
> >    74     https > 36556 [SYN, ACK, ECN] Seq=0 Ack=1 Win=5792 Len=0
> > MSS=1380 SACK_PERM=1 TSval=2174348895 TSecr=3497146518 WS=128
> >    2844 3.457459    172.168.78.64         10.250.250.188         TCP
> >    66     36556 > https [ACK] Seq=1 Ack=1 Win=5888 Len=0
> > TSval=3497146522 TSecr=2174348895
> >    2845 3.457683    172.168.78.64         10.250.250.188         TLSv1
> >    173    Client Hello
> >    2865 3.473604    10.250.250.188         172.168.78.64         TCP
> >    66     https > 36556 [ACK] Seq=1 Ack=108 Win=5888 Len=0
> > TSval=2174348912 TSecr=3497146522
> >    2888 3.482350    10.250.250.188         172.168.78.64         TLSv1
> >    1434   Server Hello
> >    2889 3.482356    172.168.78.64         10.250.250.188         TCP
> >    66     36556 > https [ACK] Seq=108 Ack=1369 Win=8960 Len=0
> > TSval=3497146528 TSecr=2174348920
> >    2890 3.482359    10.250.250.188         172.168.78.64         TCP
> >    1434   [TCP segment of a reassembled PDU]
> >    2891 3.482363    172.168.78.64         10.250.250.188         TCP
> >    66     36556 > https [ACK] Seq=108 Ack=2737 Win=11776 Len=0
> > TSval=3497146528 TSecr=2174348920
> >    2892 3.482366    10.250.250.188         172.168.78.64         TLSv1
> >    1426   Certificate
> >    2893 3.482371    172.168.78.64         10.250.250.188         TCP
> >    66     36556 > https [ACK] Seq=108 Ack=4097 Win=14592 Len=0
> > TSval=3497146528 TSecr=2174348920
> >    2898 3.509659    10.250.250.188         172.168.78.64         TLSv1
> >    465    Server Key Exchange
> >    2899 3.509666    172.168.78.64         10.250.250.188         TCP
> >    66     36556 > https [ACK] Seq=108 Ack=4496 Win=17152 Len=0
> > TSval=3497146535 TSecr=2174348937
> >    2900 3.517916    172.168.78.64         10.250.250.188         TLSv1
> >    264    Client Key Exchange, Change Cipher Spec, Encrypted Handshake
> > Message
> >    2903 3.541547    10.250.250.188         172.168.78.64         TLSv1
> >    125    Change Cipher Spec, Encrypted Handshake Message
> >    2904 3.541700    172.168.78.64         10.250.250.188         TLSv1
> >    375    Application Data
> >    2905 3.541777    172.168.78.64         10.250.250.188         TLSv1
> >    343    Application Data
> >    2939 3.562193    10.250.250.188         172.168.78.64         TCP
> >    66     https > 36556 [ACK] Seq=4555 Ack=892 Win=9088 Len=0
> > TSval=2174349001 TSecr=3497146543
> >    2940 3.562846    10.250.250.188         172.168.78.64         TLSv1
> >    103    Encrypted Handshake Message
> >    2941 3.562945    172.168.78.64         10.250.250.188         TLSv1
> >    183    Encrypted Handshake Message
> >    2955 3.587402    10.250.250.188         172.168.78.64         TLSv1
> >    1434   Encrypted Handshake Message
> >    2956 3.587919    10.250.250.188         172.168.78.64         TLSv1
> >    1434   Encrypted Handshake Message
> >    2957 3.587928    172.168.78.64         10.250.250.188         TCP
> >    66     36556 > https [ACK] Seq=1009 Ack=7328 Win=23040 Len=0
> > TSval=3497146554 TSecr=2174349026
> >    2958 3.587932    10.250.250.188         172.168.78.64         TLSv1
> >    582    Encrypted Handshake Message
> >    2963 3.597538    172.168.78.64         10.250.250.188         TLSv1
> >    1434   Encrypted Handshake Message
> >    2964 3.597543    172.168.78.64         10.250.250.188         TLSv1
> >    371    Encrypted Handshake Message
> >    2983 3.613528    10.250.250.188         172.168.78.64         TCP
> >    66     https > 36556 [ACK] Seq=7844 Ack=2682 Win=14720 Len=0
> > TSval=2174349052 TSecr=3497146557
> >    2999 3.620452    10.250.250.188         172.168.78.64         TLSv1
> >    156    Change Cipher Spec, Encrypted Handshake Message
> >    3001 3.637337    10.250.250.188         172.168.78.64         TLSv1
> >    609    Application Data, Application Data, Application Data
> >    3002 3.637472    172.168.78.64         10.250.250.188         TCP
> >    66     36556 > https [ACK] Seq=2682 Ack=8477 Win=28416 Len=0
> > TSval=3497146567 TSecr=2174349059
> >    3003 3.640371    10.250.250.188         172.168.78.64         TLSv1
> >    103    Application Data
> >    3106 3.676451    172.168.78.64         10.250.250.188         TCP
> >    66     36556 > https [ACK] Seq=2682 Ack=8514 Win=28416 Len=0
> > TSval=3497146577 TSecr=2174349079
> >    7214 8.646676    10.250.250.188         172.168.78.64         TCP
> >    66     https > 36556 [FIN, ACK] Seq=8514 Ack=2682 Win=14720 Len=0
> > TSval=2174354085 TSecr=3497146577
> >    7215 8.646809    172.168.78.64         10.250.250.188         TLSv1
> >    103    Encrypted Alert
> >    7216 8.646853    172.168.78.64         10.250.250.188         TCP
> >    66     36556 > https [FIN, ACK] Seq=2719 Ack=8515 Win=28416 Len=0
> > TSval=3497147819 TSecr=2174354085
> >    7261 8.661712    10.250.250.188         172.168.78.64         TCP
> >    66     https > 36556 [ACK] Seq=8515 Ack=2720 Win=14720 Len=0
> > TSval=2174354101 TSecr=3497147819
> >
> >
> > Regards
> > Chima
>
>
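
The renegotiation named in the reply at the top of this message can be picked out of a Wireshark summary export mechanically: it shows up as handshake records that start after application data has already flowed. The script below is an added example, not part of the original thread; `find_renegotiations`, `CAPTURE` and `ROW` are hypothetical names, and treating the address pair as the connection is an assumption.

```python
import re

# Constructed input: TLS frames taken from the capture quoted above, each
# unwrapped onto one line (pure TCP frames and some handshake frames omitted).
CAPTURE = """\
2845 3.457683 172.168.78.64 10.250.250.188 TLSv1 173 Client Hello
2888 3.482350 10.250.250.188 172.168.78.64 TLSv1 1434 Server Hello
2900 3.517916 172.168.78.64 10.250.250.188 TLSv1 264 Client Key Exchange, Change Cipher Spec, Encrypted Handshake Message
2903 3.541547 10.250.250.188 172.168.78.64 TLSv1 125 Change Cipher Spec, Encrypted Handshake Message
2904 3.541700 172.168.78.64 10.250.250.188 TLSv1 375 Application Data
2940 3.562846 10.250.250.188 172.168.78.64 TLSv1 103 Encrypted Handshake Message
2941 3.562945 172.168.78.64 10.250.250.188 TLSv1 183 Encrypted Handshake Message
2999 3.620452 10.250.250.188 172.168.78.64 TLSv1 156 Change Cipher Spec, Encrypted Handshake Message
3001 3.637337 10.250.250.188 172.168.78.64 TLSv1 609 Application Data, Application Data, Application Data
"""

# Columns: No. Time Source Destination Protocol Length Info
ROW = re.compile(r"^\s*(\d+)\s+[\d.]+\s+(\S+)\s+(\S+)\s+(?:TLS|SSL)\S*\s+\d+\s+(.*)$")

def find_renegotiations(text):
    """Report handshakes that begin after application data has already flowed.

    The summary export carries no ports, so a connection is approximated by
    the unordered address pair (an assumption; fine for a one-stream capture).
    """
    state, found = {}, []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # TCP-only rows, column headers, blank lines
        frame, src, dst, info = int(m[1]), m[2], m[3], m[4]
        conn = state.setdefault(frozenset((src, dst)), {"app": False, "open": None})
        for rec in (r.strip() for r in info.split(",")):
            if rec == "Application Data":
                conn["app"] = True
                if conn["open"]:          # data resumed: the handshake is over
                    found.append(conn["open"])
                    conn["open"] = None
            elif conn["app"] and "Alert" not in rec:
                # Any handshake or CCS record after data belongs to a renegotiation.
                if conn["open"] is None:
                    conn["open"] = {"start": frame, "initiator": src, "ccs_frames": []}
                if rec == "Change Cipher Spec":
                    conn["open"]["ccs_frames"].append(frame)
    found.extend(c["open"] for c in state.values() if c["open"])
    return found
```

On the frames above it reports a single renegotiation beginning at frame 2940 from 10.250.250.188, with the second Change Cipher Spec at frame 2999; the Change Cipher Spec in frames 2900 and 2903 belongs to the initial handshake and is not reported.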
