tomcat-users mailing list archives

From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: [OT] Tunneling an arbitrary protocol via SSL/TLS
Date Tue, 10 Sep 2013 13:44:58 GMT

Konstantin,

On 9/10/13 8:03 AM, Konstantin Kolinko wrote:
>> Somewhat off-topic, but I was wondering if anyone knew of any
>> package or technique that could be used to tunnel an arbitrary
>> protocol via TLS?
>> 
>> In this particular case, I need to wrap HTTP in TLS (to make
>> HTTPS :) without modifying the source of the client -- and the
>> client does not support HTTPS. :(
>> 
>> So far, I've come up with the following possibilities:
>> 
>> (...)
>> 
>> 2. Use an HTTP proxy. This obviously wouldn't support an
>> "arbitrary" protocol, but I think it would get the job done. Any
>> suggestions for simple and free proxy software? About all I need
>> to do is configure a client SSL certificate.
>> 
> 
> Apache HTTPD can be configured as a proxy for remote HTTPS server.
> 
> You will need mod_proxy (ProxyPass https://otherserver/) and
> mod_ssl (SSLProxyEngine on).

So, something like this:

Listen localhost:1234
<VirtualHost localhost:1234>
   ProxyRequests On
   ProxyPass / https://otherserver/
</VirtualHost>


I don't think I'll need SSLProxyEngine -- the docs for that directive
say you "usually don't need it". Perhaps it is required to use...

> I never used authentication by client certificate there, but it
> looks like it is possible (SSLProxyMachineCertificateFile).

Thanks for the pointer.

-chris
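
The setup discussed in this thread, written out as an added example that is not from either poster: a loopback-only httpd reverse proxy that accepts plain HTTP from the unmodified client and speaks TLS, with a client certificate, to the remote server. mod_ssl needs SSLProxyEngine on before httpd will use TLS toward an https:// ProxyPass target. The file paths are placeholders, and SSLProxyCheckPeerName assumes httpd 2.4.5 or later.

```apache
# Added example; port and file paths are placeholders.
# Requires mod_proxy, mod_proxy_http and mod_ssl to be loaded.

# Bind to loopback only, so the cleartext side of the tunnel is
# reachable only by clients on this machine.
Listen 127.0.0.1:1234

<VirtualHost 127.0.0.1:1234>
    # Reverse proxy only. "ProxyRequests On" would additionally enable
    # forward proxying, which ProxyPass does not need.
    ProxyRequests Off

    # Use TLS on the connection to the backend (needed for https:// targets).
    SSLProxyEngine On

    # Authenticate the backend: verify its certificate chain against a
    # known CA and check that the certificate matches the host name.
    SSLProxyVerify require
    SSLProxyVerifyDepth 3
    SSLProxyCACertificateFile /path/to/backend-ca.pem
    SSLProxyCheckPeerName On
    SSLProxyCheckPeerExpire On

    # Client certificate presented to the backend: one PEM file holding
    # the certificate and its unencrypted private key. Keep this file
    # readable only by the account that starts httpd.
    SSLProxyMachineCertificateFile /path/to/client-cert-and-key.pem

    ProxyPass        / https://otherserver/
    ProxyPassReverse / https://otherserver/
</VirtualHost>
```

Without the SSLProxyVerify and SSLProxyCheckPeerName lines the tunnel still encrypts, but the proxy does not check which server it is talking to.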
