Re: [users@httpd] SSLHonorCipherOrder not working as expected

2016-07-29 Thread Michele Mase'
Correct ... Probably the old app will always land in the first vhost, but only for the SSL options; the vhost itself works with its own rules of ProxyPass and ProxyPassReverse. The solutions are two: trash the old app or use an IP-based vhost. Best regards Michele On Fri, Jul 29, 2016 at 9:02 AM, Danie

Re: [users@httpd] SSLHonorCipherOrder not working as expected

2016-07-29 Thread Daniel
Follow Yann's advice. Probably your only option is to set a different IP for the virtualhost for this client. Most probably Java 1.4 does not support TLS SNI either, so using name-based virtualhosts with SSL for this client will always land you in the first SSL virtualhost available. 2016-07-28 23:43 GMT+0

Re: [users@httpd] SSLHonorCipherOrder not working as expected

2016-07-28 Thread Yann Ylavic
On Thu, Jul 28, 2016 at 10:00 PM, Michele Mase' wrote: > > Any suggestion? Ciphers must be negotiated before HTTP is decrypted (and hence vhost selection can happen). With SSLHonorCipherOrder off, the negotiated cipher is probably RC4-SHA (the one preferred by the client). With SSLHonorCipherOrde

Re: [users@httpd] SSLHonorCipherOrder not working as expected

2016-07-28 Thread Michele Mase'
True. Unluckily I cannot change the app, and obviously the app must work (I know, it's a silly thing). The problem in short: Legacy Java webapp, Axis-based, bla bla bla ... (it does some POST actions) works with the following: SSLProtocol ALL -SSLv2 -SSLv3 SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRS

Re: [users@httpd] SSLHonorCipherOrder not working as expected

2016-07-28 Thread Daniel
This has nothing to do with SSLHonorCipherOrder. Java 1.4 certainly does not support any ECDHE cipher and even less anything greater than TLSv1.0, if I remember correctly. Java even tends to accept ciphers it can't deal with later on once the SSL negotiation has started. So, for such a dated client you sh

[users@httpd] SSLHonorCipherOrder not working as expected

2016-07-28 Thread Michele Mase'
I've a reverse proxy based on Apache 2.2.x (CentOS 6.x) with some name-based virtualhosts; trying to connect with an old app based on Axis and Java 1.4.2.x, it only works with the following configuration: SSLProtocol ALL -SSLv2 -SSLv3 SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA