Re: Can Apache Proxy server to proxy the HTTP requests to the backend HTTPS/SSL server?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Thanks Axel-Stephane.

It works.

Q.Xie

----- Original Message ----
From: 
To: users@xxxxxxxxxxxxxxxx
Sent: Thursday, January 31, 2008 1:19:37 AM
Subject: RE:  Can Apache Proxy server to proxy the HTTP requests to the backend HTTPS/SSL server?


You 
need

SSLProxyCipherSuite  
NULL-SHA

You 
also 
need 
to 
make 
sure 
that 
your 
backend 
server 
is 
configured 
to 
accept 
NULL 
ciphers.

-ascs
 
-----Message 
d'origine-----
De 
: 
Qingshan 
Xie 
[mailto:xieq_49@xxxxxxxxx] 
Envoyé 
: 
jeudi 
31 
janvier 
2008 
01:37
À 
: 
Krist 
van 
Besien; 
users@xxxxxxxxxxxxxxxx
Objet 
: 
Re: 
 
Can 
Apache 
Proxy 
server 
to 
proxy 
the 
HTTP 
requests 
to 
the 
backend 
HTTPS/SSL 
server?

Krist,  
 
Thanks 
for 
your 
suggestion.  
I 
did 
the 
test 
by 
the 
below 
configuration,
  
  
  
  
SSLCipherSuite  
NULL-SHA

but 
got 
500 
error 
in 
broswer, 
the 
error_log 
has 
the 
following 
errors:
[Wed 
Jan 
30 
15:11:55 
2008] 
[debug] 
ssl_engine_kernel.c(1768): 
OpenSSL: 
Exit: 
error 
in 
SSLv3 
read 
client 
h 
ello 
B 
[Wed 
Jan 
30 
15:11:55 
2008] 
[info] 
SSL 
library 
error 
1 
in 
handshake 
(server 
qixie-lnx.cisco.com:443, 
clien 
t 
171.71.84.41) 
[Wed 
Jan 
30 
15:11:55 
2008] 
[info] 
SSL 
Library 
Error: 
336109761 
error:1408A0C1:SSL 
routines:SSL3_GET_CLIEN 
T_HELLO:no 
shared 
cipher 
Too 
restrictive 
SSLCipherSuite 
or 
using 
DSA 
server 
certificate?
[Wed 
Jan 
30 
15:11:55 
2008] 
[info] 
Connection 
to 
child 
64 
closed 
with 
abortive 
shutdown(server 
qixie-lnx.c 
isco.com:443, 
client 
171.71.84.41)

Seems 
the 
ciphersuite 
NULL-SHA 
caused 
the 
ssl-handshake 
failure.  
Any 
idea 
to 
fix 
it?

Many 
Thanks,
Q.Xie

----- 
Original 
Message 
----
From: 
Krist 
van 
Besien 
<krist.vanbesien@xxxxxxxxx>
To: 
users@xxxxxxxxxxxxxxxx
Sent: 
Friday, 
January 
25, 
2008 
1:18:54 
AM
Subject: 
Re: 
 
Can 
Apache 
Proxy 
server 
to 
proxy 
the 
HTTP 
requests 
to 
the 
backend 
HTTPS/SSL 
server?


On
Jan
25,
2008
12:22
AM,
Qingshan
Xie
<xieq_49@xxxxxxxxx>
wrote:
> 
Dear
Friends,
>
>  
  
We
configured
a
HTTPS
proxy
server
successfully
to
server
the
HTTPS
requests.  
However,
we
also
want
to
configure
a
HTTP
proxy
server
to
handle
the
HTTP
requests
but
proxy
the
HTTP
requests
to
the
backend
SSL(or
HTTPS)
server.  
The
request
flow
is
as
below,
>
> 
HTTP
request
==>
proxy
server
==>
HTTPS(
or
SSL)
server?
>
> 
Can
Apache
proxy
do
it?  
Please
help.

Apache
can
do
this.

Read
the
info
in
the
manual
on
the
following
directives:
SSLProxyEngine
SSLProxyCACertificatePath



Krist



--
krist.vanbesien@xxxxxxxxx
krist@xxxxxxxxxxxxx
Bremgarten
b. 
Bern,
Switzerland
--
A: 
It
reverses
the
normal
flow
of
conversation.
Q: 
What's
wrong
with
top-posting?
A: 
Top-posting.
Q: 
What's
the
biggest
scourge
on
plain
text
email
discussions?

---------------------------------------------------------------------
The
official
User-To-User
support
forum
of
the
Apache
HTTP
Server
Project.
See
<URL:http://httpd.apache.org/userslist.html>
for
more
info.
To
unsubscribe,
e-mail: 
users-unsubscribe@xxxxxxxxxxxxxxxx
  
 
"  
 
from
the
digest: 
users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For
additional
commands,
e-mail: 
users-help@xxxxxxxxxxxxxxxx






  
  
  
____________________________________________________________________________________
Be 
a 
better 
friend, 
newshound, 
and
know-it-all 
with 
Yahoo! 
Mobile.  
Try 
it 
now.  
http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ 


---------------------------------------------------------------------
The 
official 
User-To-User 
support 
forum 
of 
the 
Apache 
HTTP 
Server 
Project.
See 
<URL:http://httpd.apache.org/userslist.html> 
for 
more 
info.
To 
unsubscribe, 
e-mail: 
users-unsubscribe@xxxxxxxxxxxxxxxx
  
 
"  
 
from 
the 
digest: 
users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For 
additional 
commands, 
e-mail: 
users-help@xxxxxxxxxxxxxxxx


---------------------------------------------------------------------
The 
official 
User-To-User 
support 
forum 
of 
the 
Apache 
HTTP 
Server 
Project.
See 
<URL:http://httpd.apache.org/userslist.html> 
for 
more 
info.
To 
unsubscribe, 
e-mail: 
users-unsubscribe@xxxxxxxxxxxxxxxx
  
 
"  
 
from 
the 
digest: 
users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For 
additional 
commands, 
e-mail: 
users-help@xxxxxxxxxxxxxxxx






      ____________________________________________________________________________________
Be a better friend, newshound, and 
know-it-all with Yahoo! Mobile.  Try it now.  http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ 


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux