> Oh, but if stunnel provides SSL, then the client browser connects to the
> entrypoint of the browser right?
I assume you mean server here.
> And if it would go in as https:// it would
> come out as https:// at the other side of the tunnel. Then apache would see
> an https:// request that it probably doesn't understand. If one insists on
> typing https, I think apache _must_ be configured to handle it.
Nope. Stunnel accepts an SSL connection and then makes _its own_
connection to the target server and actively hands packets back and
forth. Besides the fact that it's actively copying packets it also quits
after each connect so you can't cache the SSL state. It's the
re-initialization of the SSL engine for every request that makes this a
heavyweight solution.

With stunnel you can ssl-ize _any_ kind of service, and the service
doesn't (need to) know about it. I use stunnel for my secure-imap
connection for example, while my imap daemon has no ssl support at all.

Another downside to using stunnel is that all connections will appear to
come from localhost from Apache's point of view, so if you want logstats
stunnel is right out.
Emile
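
An added illustration, not part of the message above and not stunnel's code: a minimal accept-and-reconnect relay with the SSL handshake left out, showing why the backend's logs (and any IP-based access rules) see only the relay's address. The function names and the 127.0.0.2 client address are assumptions for the demo, and it relies on Linux treating all of 127.0.0.0/8 as loopback.

```python
import socket
import threading

def backend(listener, log):
    """Plain-text service (stand-in for Apache): records the peer it sees."""
    conn, peer = listener.accept()
    with conn:
        log["backend_saw"] = peer[0]
        conn.sendall(b"hello " + conn.recv(1024))

def relay(listener, target, log):
    """Accept one client, then open a separate connection to the target and
    copy one request and one response. stunnel would perform the SSL
    handshake on the accepted socket first; that step is omitted here."""
    client, peer = listener.accept()
    log["relay_saw"] = peer[0]
    with client, socket.create_connection(target, timeout=5) as upstream:
        upstream.sendall(client.recv(1024))
        client.sendall(upstream.recv(1024))

def demo(client_ip="127.0.0.2"):
    """Return (address the relay saw, address the backend saw, reply)."""
    be = socket.create_server(("127.0.0.1", 0))   # backend, random port
    rl = socket.create_server(("127.0.0.1", 0))   # relay, random port
    be.settimeout(5)
    rl.settimeout(5)
    log = {}
    threads = [
        threading.Thread(target=backend, args=(be, log), daemon=True),
        threading.Thread(target=relay, args=(rl, be.getsockname(), log),
                         daemon=True),
    ]
    for t in threads:
        t.start()
    with socket.socket() as c:
        c.settimeout(5)
        c.bind((client_ip, 0))          # constructed client source address
        c.connect(rl.getsockname())
        c.sendall(b"ping")
        reply = c.recv(1024)
    for t in threads:
        t.join(5)
    be.close()
    rl.close()
    return log["relay_saw"], log["backend_saw"], reply

if __name__ == "__main__":
    print(demo())
```
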
--
This is The Midgard Project's mailing list. For more information,
please visit the project's web site at http://www.midgard-project.org