Re: [users@httpd] Reverse SSL proxy with NULL cipher on backend?

On 9/16/06, Josh Wyatt <Josh.Wyatt@xxxxxxxxxxxxxx> wrote:
> I have a situation in which I must run an old, insecure Apache (1.3.19, don't ask...).  The application that runs with this webserver requires SSL from the client.  Let's call this oapache.
>
> To help secure this situation, I have built a 2.0.59 with openssl configuration on this same host.  Let's call this proxyapache.
>
> The intent is to configure oapache to listen on the loopback only, and use proxyapache as the user-facing frontend.  For the SSL requirement reason, I use 'SSLProxyEngine on' on proxyapache.  This works fine.  I've done some trickery using /etc/hosts for hostnames so that I can even use the same certificate/key with both apaches.
>
> Here's the request.
>
> The above configuration uses twice the CPU of the old one (using only oapache, listening to the public interface) because it's doing double the SSL work:
>
> User <-> proxyapache
> proxyapache <-> oapache
>
> I'd like to use NULL authentication, ciphers, etc to reduce the proxyapache <-> oapache SSL overhead.  How can I configure oapache and proxyapache to use NULL for authentication, ciphers, etc?

I don't know the answer to that.  I suspect it is impossible without
modifying the configuration of oapache to accept null ciphers.

But in any case, this is silly.  Why not just configure oapache to use
ordinary http instead?

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
  "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
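
The layout suggested in the reply, sketched as an added example that is not part of the original thread or anyone's actual configuration: proxyapache terminates the client's SSL and forwards plain HTTP to oapache, which is bound to the loopback interface only, so SSL work is done once. Port 8080, the hostname and the certificate paths are placeholders, and it assumes the application still works when oapache itself sees plain HTTP.

```apache
# ---- oapache (Apache 1.3.x) httpd.conf ----
# Plain HTTP, reachable from this host only. Port 8080 is an assumed value.
# The SSL directives this instance used before are removed or disabled.
Listen 127.0.0.1:8080

# ---- proxyapache (Apache 2.0.x) httpd.conf ----
# Needs mod_ssl, mod_proxy and mod_proxy_http loaded.
Listen 443

<VirtualHost _default_:443>
    # Placeholder hostname
    ServerName www.example.com

    # The only SSL endpoint: User <-> proxyapache
    SSLEngine on
    SSLCertificateFile    /path/to/server.crt
    SSLCertificateKeyFile /path/to/server.key

    # Reverse proxy only; do not act as a forward proxy.
    ProxyRequests Off

    # The backend URL is http://, so SSLProxyEngine is not needed and
    # the proxyapache <-> oapache hop carries no second SSL handshake.
    ProxyPass        / http://127.0.0.1:8080/

    # Rewrite Location headers in redirects issued by oapache so that
    # clients are never sent to the loopback address.
    ProxyPassReverse / http://127.0.0.1:8080/
</VirtualHost>
```

The backend hop is unencrypted in this layout, just as it would be with a NULL cipher, so what protects it is that oapache listens on 127.0.0.1 only and the traffic never leaves the host.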


