You need
SSLProxyCipherSuite NULL-SHA
You also need to make sure that your backend server is configured to accept NULL ciphers.
-ascs
-----Message d'origine-----
De : Qingshan Xie [mailto:xieq_49@xxxxxxxxx]
Envoyé : jeudi 31 janvier 2008 01:37
À : Krist van Besien; users@xxxxxxxxxxxxxxxx
Objet : Re: Can Apache Proxy server to proxy the HTTP requests to the backend HTTPS/SSL server?
Krist, Thanks for your suggestion. I did the test by the below configuration,
SSLCipherSuite NULL-SHA
but got 500 error in broswer, the error_log has the following errors:
[Wed Jan 30 15:11:55 2008] [debug] ssl_engine_kernel.c(1768): OpenSSL: Exit: error in SSLv3 read client h ello B [Wed Jan 30 15:11:55 2008] [info] SSL library error 1 in handshake (server qixie-lnx.cisco.com:443, clien t 171.71.84.41) [Wed Jan 30 15:11:55 2008] [info] SSL Library Error: 336109761 error:1408A0C1:SSL routines:SSL3_GET_CLIEN T_HELLO:no shared cipher Too restrictive SSLCipherSuite or using DSA server certificate?
[Wed Jan 30 15:11:55 2008] [info] Connection to child 64 closed with abortive shutdown(server qixie-lnx.c isco.com:443, client 171.71.84.41)
Seems the ciphersuite NULL-SHA caused the ssl-handshake failure. Any idea to fix it?
Many Thanks,
Q.Xie
----- Original Message ----
From: Krist van Besien <krist.vanbesien@xxxxxxxxx>
To: users@xxxxxxxxxxxxxxxx
Sent: Friday, January 25, 2008 1:18:54 AM
Subject: Re: Can Apache Proxy server to proxy the HTTP requests to the backend HTTPS/SSL server?
On
Jan
25,
2008
12:22
AM,
Qingshan
Xie
<xieq_49@xxxxxxxxx>
wrote:
>
Dear
Friends,
>
>
We
configured
a
HTTPS
proxy
server
successfully
to
server
the
HTTPS
requests.
However,
we
also
want
to
configure
a
HTTP
proxy
server
to
handle
the
HTTP
requests
but
proxy
the
HTTP
requests
to
the
backend
SSL(or
HTTPS)
server.
The
request
flow
is
as
below,
>
>
HTTP
request
==>
proxy
server
==>
HTTPS(
or
SSL)
server?
>
>
Can
Apache
proxy
do
it?
Please
help.
Apache
can
do
this.
Read
the
info
in
the
manual
on
the
following
directives:
SSLProxyEngine
SSLProxyCACertificatePath
Krist
--
krist.vanbesien@xxxxxxxxx
krist@xxxxxxxxxxxxx
Bremgarten
b.
Bern,
Switzerland
--
A:
It
reverses
the
normal
flow
of
conversation.
Q:
What's
wrong
with
top-posting?
A:
Top-posting.
Q:
What's
the
biggest
scourge
on
plain
text
email
discussions?
---------------------------------------------------------------------
The
official
User-To-User
support
forum
of
the
Apache
HTTP
Server
Project.
See
<URL:http://httpd.apache.org/userslist.html>
for
more
info.
To
unsubscribe,
e-mail:
users-unsubscribe@xxxxxxxxxxxxxxxx
"
from
the
digest:
users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For
additional
commands,
e-mail:
users-help@xxxxxxxxxxxxxxxx
____________________________________________________________________________________
Be a better friend, newshound, and
know-it-all with Yahoo! Mobile. Try it now. http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
" from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
" from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|