https://bz.apache.org/bugzilla/show_bug.cgi?id=64352
Bug ID: 64352 Summary: Add an equivalent of SSLOpenSSLConfCmd for proxy HTTPS connections Product: Apache httpd-2 Version: 2.5-HEAD Hardware: PC OS: Linux Status: NEW Severity: normal Priority: P2 Component: mod_ssl Assignee: bugs@httpd.apache.org Reporter: fiona.kl...@gmx.de Target Milestone: --- I need to use Apache HTTPD in a reverse proxy configuration, with HTTPS connections to the backend servers. The problem is that the backend servers must use ECDSA certificates using Brainpool curves, which are not enabled by default in OpenSSL. When using HTTPD as the server, I can enable the needed Brainpool curves using the SSLOpenSSLConfCmd directive (e.g. SSLOpenSSLConfCmd Curves brainpoolP384r1:brainpoolP256r1) but currently there is no such options to configure proxy connections where mod_ssl acts as the TLS client. Because of this mod_ssl always rejects the server certificate, even with the default "SSLProxyVerify none" setting. In line with the existing directives I'm proposing a SSLProxyOpenSSLConfCmd directive to solve that problem. I've made a pull request on Github: https://github.com/apache/httpd/pull/105 This works for me as is, but I'm happy to make adjustments if requested. -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org For additional commands, e-mail: bugs-h...@httpd.apache.org