RE: How to encrypt traffic between client and apache proxy server

Thank you so much Emmanuel. I applied the patch. Everything is working well now. Perfect!

 

Very Best Regards!
Stephen

From: Emmanuel E [mailto:emmanuel.e@xxxxxxx]
Sent: April 24, 2008 1:15 PM
To: users@xxxxxxxxxxxxxxxx
Subject: Re: How to encrypt traffic between client and apache proxy server

 

 

and use the patch available there.

It's a pity that this patch still won't make it to the main tree...

----- Original Message -----

From: Stephen Hu

Sent: Thursday, April 24, 2008 8:44 PM

Subject: How to encrypt traffic between client and apache proxy server

 

Hi,

     I was trying to set up a forward proxy solution with Apache, but via port 443 (SSL) rather than just via 80. So I hope it works as in the following diagram:

 

Client(IP1:Random)     (IP2:443)Apache(IP2:Random) (IP3:443)Web Server
1  |--------SSL Hand Shake-----(443)|
2  |-CONNECT IP3:443 HTTP/1.1->(443)|
3                                   |----TCP hand shake---(443)|
4  |<-HTTP/1.0 200 Established-(443)|

6  |----------------------SSL Hand Shake------------------(443)|
7  |------GET / HTTP/1.1------>(443)|----GET / HTTP/1.1-->(443)|
8  |<------------HTML----------(443)|<---------HTML-------(443)|

 

     So I configured my apache server like this:

<VirtualHost _default_:443>
    # SSLEngine and certificate directives are not shown in the post; they belong
    # on this vhost, since it is the one terminating the client's SSL session.
    ProxyRequests On
    <Proxy *>
        # "Allow from all" lets any client that can reach port 443 use the proxy
        # (an open proxy); restrict it to the intended client networks.
        Order deny,allow
        Allow from all
    </Proxy>
</VirtualHost>

 

     I did the following test. It looks like Apache works: after the SSL handshake, I sent “CONNECT IP3:443 HTTP/1.1” to the Apache proxy (encrypted), Apache decrypted the CONNECT instruction correctly, tried to connect to IP3 and returned “HTTP/1.0 200 Connection Established..”, BUT the only problem is that Apache returned the HTTP/1.0 200 in PLAIN TEXT, so my client doesn’t understand it and stops. Here is the test log:

 

1. Connect to proxy:

openssl s_client -connect IP2:443 -state -debug

 

SSL handshake has read 1361 bytes and written 340 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 1024 bit
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : DHE-RSA-AES256-SHA
    Session-ID: FC2A51765458493165B386D05A1DAF2CEAE4C762078D534ADD862E1802381486
    Session-ID-ctx:
    Master-Key: 695B9E094F07F7ECD0B73EC8E0FC0A441B8A96C41CE2B85E771C85DC5AADC5BBB41F1DDA7F387D62B0C808A6411BFDB6
    Key-Arg   : None
    Krb5 Principal: None
    Start Time: 1209048482
    Timeout   : 300 (sec)
    Verify return code: 18 (self signed certificate)
---

 

2. I sent the CONNECT instruction:

CONNECT 209.47.41.27:443 HTTP/1.1
Host: www.testhost.com

SSL3 alert write:fatal:protocol version
32713:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:s3_pkt.c:288:
SSL3 alert write:warning:close notify

 

     I traced on the proxy server; it actually returned “HTTP/1.0 200 Connection Established..” in PLAIN TEXT, and that caused this problem.

 

Very Best Regards!
Stephen
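An added example, not code from this thread and not Apache's own, of the client side of the exchange in the diagram above, written against the Python standard library only: TLS to the proxy (step 1), CONNECT sent inside that session (step 2), the 200 reply read back through the same session (step 4), and then a second TLS session to the origin carried over the tunnel (step 6). parse_connect_reply and classify_first_bytes are the pieces that run offline; the latter shows why a reply written in plain text surfaces at the client as OpenSSL's "wrong version number", exactly as in the log. All function and class names are my own. ssl.create_default_context() verifies certificates, so for a proxy with a self-signed certificate like the one in the log you would pass a context of your own as proxy_ctx.

```python
import socket
import ssl

TLS_CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}


def classify_first_bytes(data):
    """Classify the first bytes read on the proxy leg. A TLS record starts with a content
    type (20..23) and version 0x03 0x0X; the post's plaintext reply starts with "HTTP"
    (0x48 0x54 0x54 0x50), and 0x5454 is no TLS version, hence "wrong version number"."""
    if len(data) < 5:
        return "short"
    if data[0] in TLS_CONTENT_TYPES and data[1] == 3 and data[2] <= 4:
        return "tls-" + TLS_CONTENT_TYPES[data[0]]
    if data.startswith(b"HTTP/"):
        return "plaintext-http"
    return "unknown"


def parse_connect_reply(data):
    """Split the proxy's CONNECT reply into (status, reason, bytes after the headers)."""
    head, sep, rest = data.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete reply headers")
    parts = head.split(b"\r\n", 1)[0].split(b" ", 2)
    if len(parts) < 2 or not parts[0].startswith(b"HTTP/") or not parts[1].isdigit():
        raise ValueError("not an HTTP status line: %r" % head[:40])
    reason = parts[2].decode("latin-1") if len(parts) == 3 else ""
    return int(parts[1]), reason, rest


def recv_connect_reply(sock, limit=8192):
    """Read through the outer TLS socket until the CONNECT reply headers are complete."""
    buf = b""
    while b"\r\n\r\n" not in buf:
        chunk = sock.recv(4096)
        if not chunk:
            raise ConnectionError("proxy closed the connection before replying")
        buf += chunk
        if len(buf) > limit:
            raise ValueError("CONNECT reply headers too large")
    return parse_connect_reply(buf)


class TlsOverTunnel:
    """Inner TLS session (diagram step 6) over the TLS socket to the proxy. wrap_socket()
    cannot stack TLS on an SSLSocket, so an SSLObject is driven through memory BIOs."""
    def __init__(self, transport, ctx, server_hostname):
        self.transport = transport
        self.incoming, self.outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
        self.tls = ctx.wrap_bio(self.incoming, self.outgoing, server_hostname=server_hostname)

    def _drive(self, op):
        """Run one SSLObject operation, shuttling its records over the outer TLS socket."""
        while True:
            try:
                result = op()
            except ssl.SSLWantReadError:
                self.transport.sendall(self.outgoing.read())  # inner records ride inside outer TLS
                chunk = self.transport.recv(16384)
                if chunk:
                    self.incoming.write(chunk)
                else:
                    self.incoming.write_eof()
                continue
            self.transport.sendall(self.outgoing.read())
            return result

    def handshake(self):
        self._drive(self.tls.do_handshake)

    def send(self, data):
        self._drive(lambda: self.tls.write(data))

    def recv(self, n=16384):
        try:
            return self._drive(lambda: self.tls.read(n))
        except ssl.SSLZeroReturnError:
            return b""


def open_tunnel(proxy_host, proxy_port, target_host, target_port, proxy_ctx=None, origin_ctx=None):
    """Diagram steps 1, 2, 4 and 6; returns the inner TLS session to the origin."""
    proxy_ctx = proxy_ctx or ssl.create_default_context()
    raw = socket.create_connection((proxy_host, proxy_port), timeout=10)
    proxy_tls = proxy_ctx.wrap_socket(raw, server_hostname=proxy_host)  # step 1
    proxy_tls.sendall(("CONNECT %s:%d HTTP/1.1\r\nHost: %s:%d\r\n\r\n"
                       % (target_host, target_port, target_host, target_port)).encode("ascii"))  # step 2
    try:
        status, reason, leftover = recv_connect_reply(proxy_tls)  # step 4
    except ssl.SSLError as exc:  # the post's symptom: the reply was written outside the TLS session
        raise ConnectionError("CONNECT reply did not arrive inside the TLS session: %s" % exc) from exc
    if status != 200:
        raise ConnectionError("proxy refused CONNECT: %d %s" % (status, reason))
    inner = TlsOverTunnel(proxy_tls, origin_ctx or ssl.create_default_context(), target_host)
    if leftover:
        inner.incoming.write(leftover)  # bytes after the headers already belong to the tunnel
    inner.handshake()  # step 6: TLS to the origin, carried inside TLS to the proxy
    return inner
```

The object returned by open_tunnel is the origin-side session: its send and recv methods carry steps 7 and 8 of the diagram, and every byte they move is encrypted twice, once for the origin and once for the proxy. The point of reading the CONNECT reply through proxy_tls rather than the raw socket is the check the post is missing on the server side: if the proxy writes its 200 outside the session, the outer recv fails with the same SSL error the openssl log shows, and the client stops before starting the inner handshake.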

