https://bz.apache.org/bugzilla/show_bug.cgi?id=64352
Bug ID: 64352
Summary: Add an equivalent of SSLOpenSSLConfCmd for proxy HTTPS
connections
Product: Apache httpd-2
Version: 2.5-HEAD
Hardware: PC
OS: Linux
Status: NEW
Severity: normal
Priority: P2
Component: mod_ssl
Assignee: bugs@httpd.apache.org
Reporter: fiona.kl...@gmx.de
Target Milestone: ---
I need to use Apache HTTPD in a reverse proxy configuration, with HTTPS
connections to the backend servers. The problem is that the backend servers
must use ECDSA certificates using Brainpool curves, which are not enabled by
default in OpenSSL.
When using HTTPD as the server, I can enable the needed Brainpool curves using
the SSLOpenSSLConfCmd directive (e.g. SSLOpenSSLConfCmd Curves
brainpoolP384r1:brainpoolP256r1), but currently there is no such option to
configure proxy connections where mod_ssl acts as the TLS client. Because of
this, mod_ssl always rejects the server certificate, even with the default
"SSLProxyVerify none" setting.
In line with the existing directives, I'm proposing an SSLProxyOpenSSLConfCmd
directive to solve that problem. I've made a pull request on GitHub:
https://github.com/apache/httpd/pull/105
This works for me as is, but I'm happy to make adjustments if requested.
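The configuration gap described in the report, as an added example that is not part of the original report or the pull request. Host names, file paths and the backend port are placeholders, and the argument syntax of SSLProxyOpenSSLConfCmd is assumed to mirror SSLOpenSSLConfCmd, as the report proposes.

```apache
# Constructed example: reverse proxy whose backend presents an ECDSA
# certificate on a Brainpool curve. All names and paths are placeholders.
<VirtualHost *:443>
    ServerName proxy.example.org

    # Front side: mod_ssl acts as the TLS server.
    SSLEngine on
    SSLCertificateFile    /etc/httpd/tls/proxy.example.org.crt
    SSLCertificateKeyFile /etc/httpd/tls/proxy.example.org.key
    # Existing directive quoted in the report. Per the report it has no
    # effect on connections where mod_ssl is the TLS client.
    SSLOpenSSLConfCmd Curves brainpoolP384r1:brainpoolP256r1

    # Back side: mod_ssl acts as the TLS client.
    SSLProxyEngine on
    # Backend verification is enabled here as this example's choice; the
    # report mentions "SSLProxyVerify none" as the default.
    SSLProxyVerify require
    SSLProxyCACertificateFile /etc/httpd/tls/backend-ca.pem
    SSLProxyCheckPeerName on
    # Proposed directive from the report (assumed syntax). Without an
    # equivalent of this line, the report states the backend certificate
    # is rejected regardless of the SSLProxyVerify setting.
    SSLProxyOpenSSLConfCmd Curves brainpoolP384r1:brainpoolP256r1

    ProxyPass        / https://backend.example.internal:8443/
    ProxyPassReverse / https://backend.example.internal:8443/
</VirtualHost>
```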