On 9/16/06, Josh Wyatt <[EMAIL PROTECTED]> wrote:
I have a situation in which I must run an old, insecure Apache (1.3.19, don't
ask...). The application that runs with this webserver requires SSL from the
client. Let's call this oapache.
To help secure this situation, I have built a 2.0.59 with openssl configuration
on this same host. Let's call this proxyapache.
The intent is to configure oapache to listen on the loopback only, and use
proxyapache as the user-facing frontend. For the SSL requirement reason, I use
'SSLProxyEngine on' on proxyapache. This works fine. I've done some trickery
using /etc/hosts for hostnames so that I can even use the same certificate/key
with both apaches.
Here's the request.
The above configuration uses twice the CPU that the old (using only oapache,
listening to the public interface) because it's doing double the SSL work:
User <-> proxyapache
proxyapache <-> oapache
I'd like to use NULL authentication, ciphers, etc to reduce the proxyapache <->
oapache SSL overhead. How can I configure oapache and proxyapache to use NULL for
authentication, ciphers, etc?
I don't know the answer to that. I suspect it is impossible without
modifying the configuratio n of oapache to accept null ciphers.
But in any case, this is silly. Why no just configure oapache to use
ordinary http instead?
Joshua.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
" from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]