Subject: Re: [OT] Tunneling an arbitrary protocol via SSL/TLS
From: Konstantin Kolinko
To: Tomcat Users List
Date: Tue, 10 Sep 2013 16:03:50 +0400

> Somewhat off-topic, but I was wondering if anyone knew of any package
> or technique that could be used to tunnel an arbitrary protocol via TLS?
>
> In this particular case, I need to wrap HTTP in TLS (to make HTTPS :)
> without modifying the source of the client -- and the client does not
> support HTTPS. :(
>
> So far, I've come up with the following possibilities:
>
> (...)
>
> 2. Use an HTTP proxy. This obviously wouldn't support an "arbitrary"
> protocol, but I think it would get the job done. Any suggestions for
> simple and free proxy software? About all I need to do is configure a
> client SSL certificate.

Apache HTTPD can be configured as a proxy for a remote HTTPS server.
You will need mod_proxy (ProxyPass https://otherserver/) and mod_ssl
(SSLProxyEngine on).

I never used authentication by client certificate there, but it looks like
it is possible (SSLProxyMachineCertificateFile).

http://httpd.apache.org/docs/2.4/mod/mod_ssl.html

Best regards,
Konstantin Kolinko
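
The setup suggested in this reply, written out as an httpd 2.4 configuration. This is an added example, not part of the original message: the listen address, port, module paths and certificate paths are placeholders, and the backend-verification directives (SSLProxyVerify, SSLProxyCACertificateFile, SSLProxyCheckPeerName, SSLProxyCheckPeerExpire) go beyond what the message mentions.

```apache
# Added example. Module paths, listen address, port and file paths are
# placeholders; https://otherserver/ is the backend named in the message.

# mod_proxy needs mod_proxy_http to handle http:// and https:// backends.
LoadModule proxy_module      modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule ssl_module        modules/mod_ssl.so

# The hop from the HTTP-only client to this proxy is plaintext, so bind it
# to loopback (or another interface only the client can reach).
Listen 127.0.0.1:8080

<VirtualHost 127.0.0.1:8080>
    # Reverse proxy only; never act as an open forward proxy.
    ProxyRequests Off

    # Speak TLS to the backend.
    SSLProxyEngine on

    # SSLProxyVerify defaults to "none", which leaves the backend
    # certificate chain unchecked. Require a chain that ends in a CA
    # you trust, and reject expired or mismatched certificates.
    SSLProxyVerify require
    SSLProxyCACertificateFile /etc/httpd/tls/backend-ca.pem
    SSLProxyCheckPeerName on
    SSLProxyCheckPeerExpire on

    # Client certificate presented to the backend. The file holds the
    # PEM certificate and its private key concatenated; the key must be
    # unencrypted, so restrict the file to root (for example mode 0600).
    SSLProxyMachineCertificateFile /etc/httpd/tls/proxy-client.pem

    ProxyPass        / https://otherserver/
    ProxyPassReverse / https://otherserver/
</VirtualHost>
```

`apachectl configtest` checks the syntax before a reload. The hostname in the ProxyPass URL has to match a name in the backend certificate, or SSLProxyCheckPeerName rejects the connection.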