You need SSLProxyCipherSuite NULL-SHA
You also need to make sure that your backend server is configured to accept NULL ciphers. -ascs -----Message d'origine----- De : Qingshan Xie [mailto:[EMAIL PROTECTED] Envoyé : jeudi 31 janvier 2008 01:37 À : Krist van Besien; users@httpd.apache.org Objet : Re: [EMAIL PROTECTED] Can Apache Proxy server to proxy the HTTP requests to the backend HTTPS/SSL server? Krist, Thanks for your suggestion. I did the test by the below configuration, SSLCipherSuite NULL-SHA but got 500 error in broswer, the error_log has the following errors: [Wed Jan 30 15:11:55 2008] [debug] ssl_engine_kernel.c(1768): OpenSSL: Exit: error in SSLv3 read client h ello B [Wed Jan 30 15:11:55 2008] [info] SSL library error 1 in handshake (server qixie-lnx.cisco.com:443, clien t 171.71.84.41) [Wed Jan 30 15:11:55 2008] [info] SSL Library Error: 336109761 error:1408A0C1:SSL routines:SSL3_GET_CLIEN T_HELLO:no shared cipher Too restrictive SSLCipherSuite or using DSA server certificate? [Wed Jan 30 15:11:55 2008] [info] Connection to child 64 closed with abortive shutdown(server qixie-lnx.c isco.com:443, client 171.71.84.41) Seems the ciphersuite NULL-SHA caused the ssl-handshake failure. Any idea to fix it? Many Thanks, Q.Xie ----- Original Message ---- From: Krist van Besien <[EMAIL PROTECTED]> To: users@httpd.apache.org Sent: Friday, January 25, 2008 1:18:54 AM Subject: Re: [EMAIL PROTECTED] Can Apache Proxy server to proxy the HTTP requests to the backend HTTPS/SSL server? On Jan 25, 2008 12:22 AM, Qingshan Xie <[EMAIL PROTECTED]> wrote: > Dear Friends, > > We configured a HTTPS proxy server successfully to server the HTTPS requests. However, we also want to configure a HTTP proxy server to handle the HTTP requests but proxy the HTTP requests to the backend SSL(or HTTPS) server. The request flow is as below, > > HTTP request ==> proxy server ==> HTTPS( or SSL) server? > > Can Apache proxy do it? Please help. Apache can do this. Read the info in the manual on the following directives: SSLProxyEngine SSLProxyCACertificatePath Krist -- [EMAIL PROTECTED] [EMAIL PROTECTED] Bremgarten b. Bern, Switzerland -- A: It reverses the normal flow of conversation. Q: What's wrong with top-posting? A: Top-posting. Q: What's the biggest scourge on plain text email discussions? --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] ____________________________________________________________________________________ Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now. http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
