HelloThis is my first mail here and I know a poor English, so please excuse any inconvenience... ;)
I'm trying to setup a reverse proxy using mod_proxy to a cluster of WebServers, balanced with an Alteon G5 with sslid mechanism. Indeed, the reverse proxies are a cluster of 4 too, balanced with kernel IPVS ( but this is not important at the moment ).
I have observed problems maintaining the session when using HTTPS and not HTTP.
SSL is a set of protocols built on top of TCP/IP that allows an application server and client to communicate over an encrypted HTTP session, providing authentication, non-repudiation, and security. The SSL protocol handshake is performed using clear (unencrypted) text. The content data is then encrypted (using an algorithm exchanged during the handshake) prior to being
transmitted.Using the SSL session ID, the switch forwards the client request to the same real server to which it was bound during the last session. Because SSL protocol allows many TCP connections to use the same session ID from the same client to a server, key exchange needs to be done only when the session ID expires. This reduces server overhead and provides a mechanism, even when the client IP address changes, to send all sessions to the same real server.
---Is there a way to have the same SSL ID in the SSLProxyengine for the same client? how does it work? Is the SSL ID for the client-rproxy the same that the rproxy-balancer? How can I fix this?
Thx a lot, Francisco Gimeno --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|