Quoting David Marshall <[EMAIL PROTECTED]>:

> I did not believe that the packet headers had enough information for
> Apache to determine what to do. So, it must decrypt the message with the
> certificate.

That's right. For Apache to accept an SSL connection as a reverse proxy it must decode it. What Michael wants is a generic TCP proxy.

Think of it this way. When you configure Apache to accept SSL you have to configure it with an SSL certificate. Why? So it can authenticate and subsequently decrypt the packets.

Furthermore, Apache cannot act as an initiator of SSL connections; I've spent many, many hours testing this and everybody I've asked has said the same. I'd look at the code but I have no reason to believe there's any there to do this.

The only way Apache can act as an SSL proxy is using the CONNECT method as a forward proxy. This is not what he is looking for. Squid can't do this either. Nor can Apache-derived servers like IBM HTTPServer or Stronghold.

I shouldn't think it would be all that hard to modify Apache to do it. However, I don't see the point when what you are doing is emulating a TCP proxy. Unless you want caching or content-based routing.

There are many generic TCP proxies. Look on Freshmeat or Sourceforge; or your average firewall like Firewall-1 can do this. IBM Edgeserver (the Caching Proxy component) has this capability too. But there are many possible scenarios and requirements; for some there is no one product to do the job.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]
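
As an added example (not part of the original message): a minimal generic TCP relay of the kind the reply points to, showing that such a proxy forwards TLS bytes untouched and holds no certificate or key. The function names, the loopback echo backend and the sample bytes are constructed for illustration.

```python
import socket
import threading

def pump(src, dst):
    """Copy bytes one way until EOF, then half-close the receiving side."""
    try:
        while (chunk := src.recv(4096)):
            dst.sendall(chunk)  # forwarded as-is: never parsed, never decrypted
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass

def relay(client, backend_addr):
    """Join one client connection to the backend; no certificate is loaded."""
    with client, socket.create_connection(backend_addr) as backend:
        up = threading.Thread(target=pump, args=(client, backend), daemon=True)
        up.start()
        pump(backend, client)
        up.join()

def echo(conn):
    """Stand-in backend (constructed): sends back whatever it receives."""
    with conn:
        pump(conn, conn)

def serve(handler, *args):
    """Listen on an ephemeral loopback port, one thread per connection."""
    srv = socket.create_server(("127.0.0.1", 0))
    def loop():
        while True:
            conn, _ = srv.accept()
            threading.Thread(target=handler, args=(conn, *args), daemon=True).start()
    threading.Thread(target=loop, daemon=True).start()
    return srv.getsockname()

def roundtrip(payload):
    """Send payload client -> relay -> backend and return what comes back."""
    relay_addr = serve(relay, serve(echo))
    received = b""
    with socket.create_connection(relay_addr) as c:
        c.sendall(payload)
        c.shutdown(socket.SHUT_WR)
        while (chunk := c.recv(4096)):
            received += chunk
    return received

# Constructed sample: a TLS application-data record header (type 0x17, version
# 0x0303, length 16) followed by 16 opaque bytes standing in for ciphertext.
SAMPLE = bytes.fromhex("1703030010") + bytes(range(16))
```

Because the relay only sees ciphertext, it cannot cache or route on request content; those features require terminating SSL with the server certificate, which is the trade-off the message describes.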