On 30.01.2014 22:51, Jeff Trawick wrote: > On Thu, Jan 30, 2014 at 2:37 PM, Dr Stephen Henson >> I wasn't sure of the details of the current implementation either. Would >> it be >> appropriate to have SSL_CONF usable with SSLProxy* too? >> > > Surely "yes" is the answer; i.e., there is or will be some optional OpenSSL > processing that could conceivably be appropriate for the TLS client used by > proxy, for which mod_ssl doesn't have specific support.
Yes, I would be in favor of this, too. I.e., adding SSLProxyOpenSSLConfCmd as another directive (alas), then populate the ssl_ctx_param array for the client case, and finally apply these settings in ssl_engine_init.c:ssl_init_proxy_ctx(). Steve, I'm using this opportunity for a short reminder about [1] - any comments about that? Should we try to get this into 2.4.8? Kaspar [1] https://mail-archives.apache.org/mod_mbox/httpd-dev/201401.mbox/%[email protected]%3E
