Hi Nick, thanks for pointing me to TLS/SNI patch which I found in 2.2.12dev working, but this needs a TLS/SNI enabled browser also. We are using IE6 on Windows XP :( My next issue on realising a https proxy would be that that mod_proxy_connect gets the server-name in the request of CONNECT www.server.name. mod_proxy_connect can currently make a direct connection to the www.server.name or forward the CONNECT-request to a remote proxy. Would it a great issue to generate a fake-x509-certificate for www.server.name by a trusted fake-ssl-proxy-ca on the fly (maybe with caching of the fake-certs) and let mod_ssl operate with that fake-x509-certificate for this connection coming out of the mod_proxy_connect ? CONNECT www.server.name -> mod_proxy_connect -> generate or get cached fake-x509-cert for www.server.name -> mod_ssl -> use fake-x509-cert -> mod_proxy -> HAVP virus scanning for decrypted SSL-Session -> let some parent-proxy do an encrypted SSL-Session to the real www.server.name Regards, Dirk -- GMX FreeDSL Komplettanschluss mit DSL 6.000 Flatrate und Telefonanschluss für nur 17,95 Euro/mtl.!* http://portal.gmx.net/de/go/dsl02 --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|