httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Yann Ylavic <>
Subject Re: [users@httpd] ProxyPreserveHost doesn't work with SSL
Date Mon, 04 Jul 2016 15:53:48 GMT
On Mon, Jul 4, 2016 at 5:36 PM, Yann Ylavic <> wrote:
> On Mon, Jul 4, 2016 at 5:00 PM, Marat Khalili <> wrote:
>> On 04/07/16 17:29, Eric Covener wrote:
>>> SNI is in the ClientHello, you'd be able to eliminate/confirm that bit.
>> Yes you're right. But now I cannot reproduce original problem. And SNI is
>> correctly transferred from client in packet capture. Either the problem is
>> transient or it's gone. Will post again if I see it appear again.
> The issue fixed in 2.4.20 (no outgoing SNI) would only happen if an
> idle connection, about to be reused, was closed remotely by the
> backend (because of a keepalive timeout expired on its side), which
> caused the proxy to create a new connection without SNI.

Thus in affected versions (< 2.4.20), it can be avoided/worked-around
by using an idle timeout on the proxy side (the ProxyPass' parameter
ttl= in mod_proxy) lower than the KeepAliveTimeout configured on the

This is anyway an good setting to synchronize a proxy with its backend
(and avoid races conditions regarding reused connections)....

> Regards,
> Yann.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message