Return-Path: <users-return-115155-archive-asf-public=cust-asf.ponee.io@httpd.apache.org>
X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io
Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io
Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183])
	by cust-asf2.ponee.io (Postfix) with ESMTP id F34CF200C3D
	for <archive-asf-public-internal@cust-asf2.ponee.io>; Tue, 28 Feb 2017 00:16:58 +0100 (CET)
Received: by cust-asf.ponee.io (Postfix)
	id F1CBD160B6C; Mon, 27 Feb 2017 23:16:58 +0000 (UTC)
Delivered-To: archive-asf-public@cust-asf.ponee.io
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by cust-asf.ponee.io (Postfix) with SMTP id 47359160B60
	for <archive-asf-public@cust-asf.ponee.io>; Tue, 28 Feb 2017 00:16:58 +0100 (CET)
Received: (qmail 56994 invoked by uid 500); 27 Feb 2017 23:16:57 -0000
Mailing-List: contact users-help@httpd.apache.org; run by ezmlm
Precedence: bulk
Reply-To: users@httpd.apache.org
list-help: <mailto:users-help@httpd.apache.org>
list-unsubscribe: <mailto:users-unsubscribe@httpd.apache.org>
List-Post: <mailto:users@httpd.apache.org>
List-Id: <users.httpd.apache.org>
Delivered-To: mailing list users@httpd.apache.org
Received: (qmail 56984 invoked by uid 99); 27 Feb 2017 23:16:56 -0000
Received: from pnap-us-west-generic-nat.apache.org (HELO spamd3-us-west.apache.org) (209.188.14.142)
    by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 27 Feb 2017 23:16:56 +0000
Received: from localhost (localhost [127.0.0.1])
	by spamd3-us-west.apache.org (ASF Mail Server at spamd3-us-west.apache.org) with ESMTP id 8766818E852
	for <users@httpd.apache.org>; Mon, 27 Feb 2017 23:16:56 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at spamd3-us-west.apache.org
X-Spam-Flag: NO
X-Spam-Score: 2.379
X-Spam-Level: **
X-Spam-Status: No, score=2.379 tagged_above=-999 required=6.31
	tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1,
	HTML_MESSAGE=2, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=-0.01,
	RCVD_IN_MSPIKE_WL=-0.01, RCVD_IN_SORBS_SPAM=0.5, SPF_PASS=-0.001]
	autolearn=disabled
Authentication-Results: spamd3-us-west.apache.org (amavisd-new);
	dkim=pass (2048-bit key) header.d=gmail.com
Received: from mx1-lw-us.apache.org ([10.40.0.8])
	by localhost (spamd3-us-west.apache.org [10.40.0.10]) (amavisd-new, port 10024)
	with ESMTP id dnjkDSmgoDGI for <users@httpd.apache.org>;
	Mon, 27 Feb 2017 23:16:55 +0000 (UTC)
Received: from mail-yw0-f179.google.com (mail-yw0-f179.google.com [209.85.161.179])
	by mx1-lw-us.apache.org (ASF Mail Server at mx1-lw-us.apache.org) with ESMTPS id 471135FB0B
	for <users@httpd.apache.org>; Mon, 27 Feb 2017 23:16:55 +0000 (UTC)
Received: by mail-yw0-f179.google.com with SMTP id d1so35474097ywd.2
        for <users@httpd.apache.org>; Mon, 27 Feb 2017 15:16:55 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=mime-version:from:date:message-id:subject:to;
        bh=9l+ezJT1wAA3tW4zMjJnuN+VQokkaqYk16Lfi19Ur78=;
        b=sOW2BpeCYDLYcGqNcyL9OsrPDGWWIEhp38eLYF/NGnntT8uEqL4kYy3mIzdJlM/lxe
         KCxawxkGEtUQdIEh1mBGhYMo+s6riAyc3xSvtu7DxdjDfyuFogmLzwCi0scL6FTcUD+F
         uh6We4PQozuYLRpQI6AfE4hTcX+3/9L+sw9UYHi1wrZnEBLxXqHg1v6fMDIlQOn4Q/qS
         nDh/qASivDHlw6SboKzkNcSowFLTQdrEBVOvEWxqcgVuCsSUnoi6Xw2svj6Bj1SsbYCu
         uwfKo1T545RGps2jHGB2gHdSL7AbJIjuFPa6e+nBBOqBk1zo4Ov2jEAcMWd4lgsTCaQf
         +XrQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:from:date:message-id:subject:to;
        bh=9l+ezJT1wAA3tW4zMjJnuN+VQokkaqYk16Lfi19Ur78=;
        b=sVxVFtGo46+i8RS6yQzRNclzZTR+3zCGP+dY5ArgDXA8zEqRfJNe7KxlVVQ+bwQWVw
         LhyCv5SiskWGncMxpVnblHnNZ3UYHqNuo8eLEnig2tyFPk6ukPi9A4FmovIoyijnsWXH
         4NCleF6djNyoY3talHXcFL3i/dv4lRRiagzUsSz5dhUs8iD1uiK5wAXM3/YQrbXJyUA0
         ile2ylSEiJOVq0MQfWyspyuVyOluN49X9Vm3nKcdQRovbsr21fFOGbgrTMxIVjzBL4+9
         Mga0/wNjpZ0nr1UIfk3+OqsDcQVg+G4yolFS6RnhwInNXaQSANwkqruVp7sh0ZB3rfnh
         Ulzw==
X-Gm-Message-State: AMke39mIkWVpZAFdfxIv9Qrm0kiZrZosyKlo6EcgpNUc/Y+DsgCepXcmgzM5E2c8alPEjPuQIqjFaahPi4ybIA==
X-Received: by 10.129.102.136 with SMTP id a130mr13003686ywc.144.1488237408770;
 Mon, 27 Feb 2017 15:16:48 -0800 (PST)
MIME-Version: 1.0
Received: by 10.129.53.3 with HTTP; Mon, 27 Feb 2017 15:16:48 -0800 (PST)
From: Daniel Frank <danthehitman@gmail.com>
Date: Mon, 27 Feb 2017 16:16:48 -0700
Message-ID: <CAFaNjB=p_Ei_hW-Lc3TN=AFe9KygXTU-gYAsA48VBQnupKrr+Q@mail.gmail.com>
To: users@httpd.apache.org
Content-Type: multipart/alternative; boundary=001a1149097a1776f805498b4621
Subject: [users@httpd] Forward Proxy on behalf of the client instead of as a tunnel
archived-at: Mon, 27 Feb 2017 23:16:59 -0000

--001a1149097a1776f805498b4621
Content-Type: text/plain; charset=UTF-8

All,

I am trying to set Apache up as a forward proxy to help solve an issue that
we have where an HTTP Client in our application does not support TLS 1.2
but an API that we need to consume only supports TLS 1.2.  What I am
attempting to do is use Apache to talk HTTPS/TLS 1.2 to the target API but
allow my internal client to talk to the proxy over HTTP.

I had it in my head that this was what a forward proxy was going to give me
so after having set up a forward proxy and configuring my application to
use it I was surprised to see that I was getting exactly the same behavior
that I was getting when I had no proxy configured (failure of my internal
client to speak TLS 1.2).

So my question is; can Apache be configured as a FORWARD proxy to speak
HTTP with the caller but HTTPS to the callee?

I have spent a lot of time searching and I did check the mailing list
archives but it's entirely possible that I just dont even know what to
search for to get a good answer so if this is a dumb question I sincerely
apologize for wasting the groups time.

Thanks in advance for any help.

-Dan

--001a1149097a1776f805498b4621
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><span style=3D"font-size:12.8px">All,</span><div style=3D"=
font-size:12.8px"><br></div><div style=3D"font-size:12.8px">I am trying to =
set Apache up as a forward proxy to help solve an issue that we have where =
an HTTP Client in our application does not support TLS 1.2 but an API that =
we need to consume only supports TLS 1.2.=C2=A0 What I am attempting to do =
is use Apache to talk HTTPS/TLS 1.2 to the target API but allow my internal=
 client to talk to the proxy over HTTP.</div><div style=3D"font-size:12.8px=
"><br></div><div style=3D"font-size:12.8px">I had it in my head that this w=
as what a forward proxy was going to give me so after having set up a forwa=
rd proxy and configuring my application to use it I was surprised to see th=
at I was getting exactly the same behavior that I was getting when I had no=
 proxy configured (failure of my internal client to speak TLS 1.2).</div><d=
iv style=3D"font-size:12.8px"><br></div><div style=3D"font-size:12.8px">So =
my question is; can Apache be configured as a FORWARD proxy to speak HTTP w=
ith the caller but HTTPS to the callee?</div><div style=3D"font-size:12.8px=
"><br></div><div style=3D"font-size:12.8px">I have spent a lot of time sear=
ching and I did check the mailing list archives but it&#39;s entirely possi=
ble that I just dont even know what to search for to get a good answer so i=
f this is a dumb question I sincerely apologize for wasting the groups time=
.</div><div style=3D"font-size:12.8px"><br></div><div style=3D"font-size:12=
.8px">Thanks in advance for any help.</div><div style=3D"font-size:12.8px">=
<br></div><div style=3D"font-size:12.8px">-Dan</div></div>

--001a1149097a1776f805498b4621--