Thank you so much Emmanuel. I applied the patch. Everything is working well now. Perfect!
Very Best Regards!
Stephen

From: Emmanuel E [mailto:[EMAIL PROTECTED]]
Sent: April 24, 2008 1:15 PM
To: users@httpd.apache.org
Subject: Re: [EMAIL PROTECTED] How to encrypt traffic between client and apache proxy server

check out https://issues.apache.org/bugzilla/show_bug.cgi?id=29744 and use the patch available there. It's a pity that this patch still won't make it to the main tree...

----- Original Message -----
From: Stephen Hu <mailto:[EMAIL PROTECTED]>
To: users@httpd.apache.org
Sent: Thursday, April 24, 2008 8:44 PM
Subject: [EMAIL PROTECTED] How to encrypt traffic between client and apache proxy server

Hi,

I was trying to set up a forward proxy solution with Apache, but via port 443 (SSL) rather than just via 80. So I hope it should work as in the following diagram:

  Client(IP1:Random)               (IP2:443)Apache(IP2:Random)        (IP3:443)Web Server
1 |--------SSL Hand Shake-----(443)|
2 |-CONNECT IP3:443 HTTP/1.1->(443)|
3                                  |----TCP hand shake---(443)|
4 |<-HTTP/1.0 200 Established-(443)|
6 |----------------------SSL Hand Shake------------------(443)|
7 |------GET / HTTP/1.1------>(443)|----GET / HTTP/1.1-->(443)|
8 |<------------HTML----------(443)|<---------HTML-------(443)|

So I configured my Apache server like this:

<VirtualHost _default_:443>
    ProxyRequests On
    <Proxy *>
        Order deny,allow
        Allow from all
    </Proxy>
</VirtualHost>

I did the following test. It looks like Apache works: after the SSL handshake, I sent "CONNECT IP3:443 HTTP/1.1" to the Apache proxy (encrypted), Apache decrypted the CONNECT instruction correctly, tried to connect to IP3 and returned "HTTP/1.0 200 Connection Established..", BUT the only problem is Apache returned the HTTP/1.0 200 in PLAIN TEXT, so my client doesn't understand it and stops.

Here is the test log:

1. Connect to proxy:

openssl s_client -connect IP2:443 -state -debug

SSL handshake has read 1361 bytes and written 340 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 1024 bit
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : DHE-RSA-AES256-SHA
    Session-ID: FC2A51765458493165B386D05A1DAF2CEAE4C762078D534ADD862E1802381486
    Session-ID-ctx:
    Master-Key: 695B9E094F07F7ECD0B73EC8E0FC0A441B8A96C41CE2B85E771C85DC5AADC5BBB41F1DDA7F387D62B0C808A6411BFDB6
    Key-Arg   : None
    Krb5 Principal: None
    Start Time: 1209048482
    Timeout   : 300 (sec)
    Verify return code: 18 (self signed certificate)
---

2. I sent the CONNECT instruction:

CONNECT 209.47.41.27:443 HTTP/1.1
Host: www.testhost.com

SSL3 alert write:fatal:protocol version
32713:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:s3_pkt.c:288:
SSL3 alert write:warning:close notify

I traced on the proxy server; actually, it returned "HTTP/1.0 200 Connection Established.." in PLAIN TEXT and caused this problem.

Very Best Regards!
Stephen
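The following is an added example, not code from this thread, from httpd or from the bugzilla patch. It shows the client side of Stephen's diagram (TLS to the proxy, CONNECT inside that session, then a second TLS handshake to the origin carried inside the first) and, separately, a check on the raw wire bytes that recognises the failure in his trace: a proxy that answers CONNECT in plaintext. The bytes of "HTTP/1.0 200" are 0x48 0x54 0x54 ..., so an OpenSSL client reads 'TT' (0x5454) as the TLS record version, which is what the "SSL3_GET_RECORD:wrong version number" alert in the log is reporting. Host names, ports and the SSL contexts in the `__main__` block are placeholders; `open_tunnel` needs a real proxy, while the byte-level helpers run offline on constructed input.

```python
"""Added example (not from the thread or httpd): layered-TLS forward-proxy client
plus a detector for a proxy that leaks its CONNECT reply in plaintext."""
import socket
import ssl

TLS_RECORD_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}


def build_connect_request(host: str, port: int) -> bytes:
    """Step 2 of the diagram: the CONNECT sent to the proxy inside the outer TLS session."""
    return f"CONNECT {host}:{port} HTTP/1.1\r\nHost: {host}:{port}\r\n\r\n".encode("ascii")


def classify_wire_bytes(data: bytes) -> tuple:
    """Classify the first bytes the proxy put on the wire after CONNECT.
    A TLS record starts with a content-type byte and a 2-byte version 0x03xx.
    "HTTP/1.0 200" starts 0x48 0x54 0x54, so OpenSSL sees version 0x5454 and
    raises "wrong version number" (the alert in the s_client log)."""
    if len(data) < 5:
        return ("unknown", "need at least one 5-byte record header")
    ctype, ver = data[0], int.from_bytes(data[1:3], "big")
    if ctype in TLS_RECORD_TYPES and ver >> 8 == 0x03:
        return ("tls", TLS_RECORD_TYPES[ctype])
    if data.startswith(b"HTTP/"):
        return ("plaintext-http", f"record version would decode as 0x{ver:04x}")
    return ("unknown", f"first bytes {data[:5].hex()}")


def parse_connect_status(reply: bytes) -> int:
    """Status code of the proxy's (decrypted) reply, e.g. b'HTTP/1.0 200 Connection Established\\r\\n\\r\\n'."""
    parts = reply.split(b"\r\n", 1)[0].decode("ascii", "replace").split()
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        raise ValueError(f"not an HTTP status line: {parts!r}")
    return int(parts[1])


class ProxyLeak(Exception):
    """The proxy wrote plaintext on a connection that is supposed to be TLS."""


class TlsLayer:
    """One TLS session driven through MemoryBIOs, so it can sit on a raw socket
    (client<->proxy) or on top of another TlsLayer (client<->origin, step 6)."""

    def __init__(self, ctx, server_hostname, send_raw, recv_raw, tap=None):
        self.inc, self.out = ssl.MemoryBIO(), ssl.MemoryBIO()
        self.obj = ctx.wrap_bio(self.inc, self.out, server_hostname=server_hostname)
        self.send_raw, self.recv_raw, self.tap = send_raw, recv_raw, tap

    def _flush(self):
        pending = self.out.read()
        if pending:
            self.send_raw(pending)

    def _drive(self, op):
        while True:
            try:
                result = op()
            except ssl.SSLWantReadError:
                self._flush()
                chunk = self.recv_raw(16384)
                if not chunk:
                    raise ConnectionError("peer closed the connection")
                if self.tap:
                    self.tap(chunk)  # inspect wire bytes before the record layer parses them
                self.inc.write(chunk)
                continue
            self._flush()
            return result

    def handshake(self):
        self._drive(self.obj.do_handshake)

    def write(self, data):
        return self._drive(lambda: self.obj.write(data))

    def read(self, n=16384):
        return self._drive(lambda: self.obj.read(n))


def open_tunnel(proxy, target, proxy_ctx, target_ctx):
    """Client side of the diagram. Raises ProxyLeak if the proxy answers CONNECT
    outside the TLS session (the bug in the thread) instead of inside it."""
    def tap(chunk):
        kind, detail = classify_wire_bytes(chunk)
        if kind == "plaintext-http":
            raise ProxyLeak(f"proxy replied outside TLS: {chunk[:40]!r} ({detail})")

    sock = socket.create_connection(proxy)
    outer = TlsLayer(proxy_ctx, proxy[0], sock.sendall, sock.recv, tap=tap)
    outer.handshake()                                # step 1: TLS with the proxy
    outer.write(build_connect_request(*target))      # step 2: CONNECT, encrypted
    reply = b""
    while b"\r\n\r\n" not in reply:
        reply += outer.read()                        # step 4: reply, decrypted
    outer.tap = None                                 # only the CONNECT reply is inspected
    if parse_connect_status(reply) != 200:
        raise ConnectionError(f"proxy refused CONNECT: {reply[:60]!r}")
    inner = TlsLayer(target_ctx, target[0], outer.write, outer.read)
    inner.handshake()                                # step 6: TLS to the origin, nested
    return inner


if __name__ == "__main__":  # placeholder hosts; needs a real HTTPS proxy
    ctx = ssl.create_default_context()
    tunnel = open_tunnel(("proxy.example", 443), ("www.example.com", 443), ctx, ctx)
    tunnel.write(b"GET / HTTP/1.1\r\nHost: www.example.com\r\nConnection: close\r\n\r\n")
    print(tunnel.read()[:200])
```

The tap is only consulted while waiting for the CONNECT reply, which is the one moment the proxy is known to be the sender of the next bytes; afterwards the outer layer carries the inner session's records and chunk boundaries no longer line up with record boundaries, so a plaintext check there would be a guess. Against the unpatched server in the thread the call fails with `ProxyLeak` rather than with OpenSSL's version-number error, which makes the cause obvious in the client log.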