https://issues.apache.org/bugzilla/show_bug.cgi?id=55782
Bug ID: 55782
Summary: ProxyPass'ing to HTTPS server via proxypass creates SNI failure
Product: Apache httpd-2
Version: 2.2.25
Hardware: PC
OS: Linux
Status: NEW
Severity: normal
Priority: P2
Component: mod_proxy
Assignee: [email protected]
Reporter: [email protected]
I tried to pass an HTTPS request from an apache 2.2.25 to another apache
2.2.25, which also runs on https. Sometimes the second apache prints the
following failure
[error] Hostname localhost provided via SNI and hostname abc.com provided via HTTP are different
and a 400 Bad Request failure is displayed inside the browser. The curious
thing is that this only happens in 10-15% of the requests!?
The first apache is configured the following way:
SSLProxyEngine On
ProxyPreserveHost On
ProxyPass / https://abc.com/
ProxyPassReverse / https://abc.com/
The servername is set via start parameter "-C 'ServerName abc.com'". The only
option which completely solved the problem is to disable TLSv1.x for the
backend communication via setting "SSLProxyProtocol SSLv3".
It seems that the failure is based on the following changes in apache 2.2.25
with the activation of SNI for mod_proxy:
„
*) mod_ssl/proxy: enable the SNI extension for backend TLS connections
[Kaspar Brand]
*) mod_proxy: Use the the same hostname for SNI as for the HTTP request when
forwarding to SSL backends. PR 53134.
[Michael Weiser <michael weiser.dinsnail.net>, Ruediger Pluem]
„
http://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x/CHANGES
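Added example (not part of the original report and not httpd code): a Python script for the backend's error log that counts the SNI/Host mismatch message quoted in the report and groups it by the two names, so the share of requests arriving with the wrong SNI name can be measured. The log lines are constructed samples; the function names and the optional "[client ...]" field in the pattern are assumptions.

```python
import re
from collections import Counter

# Message text as quoted in the report. The optional "[client ...]" field is an
# assumption so the pattern tolerates both server- and request-level log lines.
MISMATCH = re.compile(
    r"\[error\]\s+(?:\[client [^\]]+\]\s+)?"
    r"Hostname (?P<sni>\S+) provided via SNI and hostname (?P<host>\S+) "
    r"provided via HTTP are different"
)

# Constructed sample lines (not taken from the reporter's server).
SAMPLE_LOG = [
    "[Thu Nov 14 10:15:32 2013] [error] Hostname localhost provided via SNI and hostname abc.com provided via HTTP are different",
    "[Thu Nov 14 10:15:40 2013] [error] [client 192.0.2.10] File does not exist: /var/www/favicon.ico",
    "[Thu Nov 14 10:16:02 2013] [error] Hostname localhost provided via SNI and hostname ABC.com provided via HTTP are different",
    "[Thu Nov 14 10:17:11 2013] [error] Hostname abc.com provided via SNI and hostname www.abc.com provided via HTTP are different",
]

def normalize(name):
    """Lower-case a host name and drop a numeric :port and a trailing dot."""
    name = name.strip().lower()
    host, sep, port = name.rpartition(":")
    if sep and port.isdigit() and ":" not in host:
        name = host
    return name.rstrip(".")

def sni_mismatches(lines):
    """Count (sni_name, http_host) pairs from mismatch errors in the log lines."""
    pairs = Counter()
    for line in lines:
        m = MISMATCH.search(line)
        if m:
            pairs[(normalize(m["sni"]), normalize(m["host"]))] += 1
    return pairs

def summarize(lines, expected_backend):
    """Total mismatches, plus those whose SNI name is not the expected backend."""
    pairs = sni_mismatches(lines)
    expected = normalize(expected_backend)
    wrong_sni = {p: n for p, n in pairs.items() if p[0] != expected}
    return {"total": sum(pairs.values()), "wrong_sni": wrong_sni}

if __name__ == "__main__":
    report = summarize(SAMPLE_LOG, "abc.com")
    print("mismatch errors:", report["total"])
    for (sni, host), n in sorted(report["wrong_sni"].items()):
        print(f"  SNI={sni} Host={host}: {n}")
```

Dividing the mismatch count by the number of proxied requests in the access log for the same period gives the failure rate to compare against the 10-15% the reporter observed.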