-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Konstantin,
On 9/10/13 8:03 AM, Konstantin Kolinko wrote: >> Somewhat off-topic, but I was wondering if anyone knew of any >> package or technique that could be used to tunnel an arbitrary >> protocol via TLS? >> >> In this particular case, I need to wrap HTTP in TLS (to make >> HTTPS :) without modifying the source of the client -- and the >> client does not support HTTPS. :( >> >> So far, I've come up with the following possibilities: >> >> (...) >> >> 2. Use an HTTP proxy. This obviously wouldn't support an >> "arbitrary" protocol, but I think it would get the job done. Any >> suggestions for simply and free proxy software? About all I need >> to do is configure a client SSL certificate. >> > > Apache HTTPD can be configured as a proxy for remote HTTPS server. > > You will need mod_proxy (ProxyPass https://otherserver/) and > mod_ssl (SSLProxyEngine on). So, something like this: Listen localhost:1234 <VirtualHost localhost:1234> ProxyRequests On ProxyPass / https://otherserver/ </VirtualHost> I don't think I'll need SSLPRoxyEngine -- the docs for that directive say you "usually don't need it". Perhaps it is required to use... > I never used authentication by client certificate there, but it > looks that it is possible (SSLProxyMachineCertificateFile). Thanks for the pointer. - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJSLyJaAAoJEBzwKT+lPKRYFGkP/1GpdURX882CL82QWXFTRZfg Xiqe1lXZ+lh6iTIyoFJTEZtkwvjhQ1I5i63UMB8qn3C0BaImVGaGFJrZZJbmgoGl qKo1ivyQxOzDQAkdcXo54CFgJ8E8CcSL+kcNCtMKusq2DfQf4WdIB0n/u/EHuhnl sU8yXLFiDqotq1n39OMK0TAupxc1naismaqgEbV6eRHzPv6nXgHkt/y+QIY+O3fV Uvj2QzUAQPadkalxZqdq5EHVW5PIhtczONjFP+I9gBWOWEiz2sOTXIaGr70P4DKm x+1YvGesmhW3y+FczvSxdHvjSykkqNWLlqY919g0a6E+Y0H509q1j2tvbAVXrsEp 00wiozPyaUrX+b79aI0qj+0NXtZeqEDsjG7AtwweYPfPN9F2hOyU12XSIo/pFYqF vrpAYJD7C++0OYmXgLgOjY+elrnZzwDioJKxLoKAj1YalVMLJr1RdJXwZK3cWHyw mMBF0F4wHekcMdPpjV3Iw82sKTOotrkKFLst8OQ6BGHq5OiSpLaQMjTR+/s1KU6D IQt5vWRJgei1906oJ91Ru/KnpJimIqkoFWB0rCM5KOOw3IDjwiXscloiLS6XQsbx 3rUF12DHnZ1xxYCveCVBafTJn5tcfXw69H2cnD6qdOiRRKtedU2sRVnFLxwGmWQM 6uCJf0IRRUWV09gdKWje =yLPp -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
