
jesus at omniti
Mar 16, 2003, 8:51 AM
Post #2 of 2
The last thing you want to do is forward a connection over SSL. That means you incur the cost of key negotiation between server A and the client C (which you always do), but then you have to also incur it between server A and server B -- which is expensive and simply a dumb approach. Instead you provide the same service over HTTP and allow your servers to redirect to each other over unencrypted HTTP (port 80). Then only expose the SSL to the public. It works like a charm. Your servers here are on a LAN and mod_backhand itself expects that environment to be reasonably secure.

    CLIENT   <-- HTTPS --> Server A
    Server A <-- HTTP  --> Server B

On Saturday, Mar 15, 2003, at 13:37 US/Eastern, Liam Hoekenga wrote:

> If I specified port 80 for both of our machines in the MulticastStats
> line, one shows up at 80 and one at 443. Contrary to my prior message
> It looks like I *am* getting backhanded to another server occasionally
> ("Backhand removeSelf" didn't seem to do what I thought it would).
>
> When I do get passed to the new server, I get an error..
> the url looks like...
>
> https://dev.mail.umich.edu/mod_ssl%3Aerror%3AHTTP-request
>
> Not Found
> The requested URL /mod_ssl:error:HTTP-request was not found on
> this server.
>
> I still don't know why if both machines are set to port 80 in the
> MulticastStats line, that one of them insists on listening on 443.
> I'm open for ideas there..
>
> So... I tried setting both of them to listen on port 443, restart, and
> when I get backhanded, I get:
>
> Bad Request
> Your browser sent a request that this server could not understand.
>
> Reason: You're speaking plain HTTP to an SSL-enabled server port.
> Instead use the HTTPS scheme to access this URL, please.
> Hint: https://backhand-test1.web.itd.umich.edu:443/
>
> I'm using the copy of backhand from CVS - I checked it out on 3/13/03,
> which appears to have support for SSL acc'd to the change log. Is
> there something else I have to specify to make SSL work?
>
> Liam
>
>
> _______________________________________________
> backhand-users mailing list
> backhand-users [at] lists
> http://lists.backhand.org/mailman/listinfo/backhand-users
>

--
Theo Schlossnagle
Principal Consultant
OmniTI Computer Consulting, Inc. -- http://www.omniti.com/
Phone: +1 410 872 4910 x201 Fax: +1 410 872 4911
1024D/82844984/95FD 30F1 489E 4613 F22E 491A 7E88 364C 8284 4984
2047R/33131B65/71 F7 95 64 49 76 5D BA 3D 90 B9 9F BE 27 24 E7
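
The protocol mismatch discussed in this thread, as an added example that is not part of the original posts and is not mod_backhand or mod_ssl code: it classifies the first bytes arriving on a hop as an SSL/TLS handshake or plain HTTP and reports whether they match what the listener expects. The function names, the sample byte strings and the host name `backend.example` are constructed for illustration.

```python
# Added illustration: why "plain HTTP to an SSL-enabled port" fails, and how
# to tell the two protocols apart from the first bytes on the wire.

HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ",
                b"OPTIONS ", b"TRACE ", b"CONNECT ")


def classify_first_bytes(data: bytes) -> str:
    """Return 'tls', 'sslv2', 'http' or 'unknown' for the start of a stream."""
    # SSLv3/TLS record header: content type 0x16 (handshake), major version 3.
    if len(data) >= 3 and data[0] == 0x16 and data[1] == 0x03:
        return "tls"
    # SSLv2-format ClientHello: 2-byte length with the high bit set, then
    # message type 1 (client-hello). Common from browsers of the 2003 era.
    if len(data) >= 3 and (data[0] & 0x80) and data[2] == 0x01:
        return "sslv2"
    if data.startswith(HTTP_METHODS):
        return "http"
    return "unknown"


def check_hop(listener_is_ssl: bool, first_bytes: bytes) -> str:
    """Compare what a peer sent with what the listening port expects."""
    kind = classify_first_bytes(first_bytes)
    if kind == "unknown":
        return "unknown protocol"
    sent_ssl = kind in ("tls", "sslv2")
    if listener_is_ssl and not sent_ssl:
        return "mismatch: plain HTTP sent to an SSL-enabled port"
    if not listener_is_ssl and sent_ssl:
        return "mismatch: SSL handshake sent to a plain HTTP port"
    return "ok"


# Constructed sample inputs (not captured traffic).
TLS_HELLO = bytes.fromhex("160301002f0100002b0301")
SSLV2_HELLO = bytes.fromhex("802e010301")
PLAIN_HTTP = b"GET / HTTP/1.1\r\nHost: backend.example\r\n\r\n"

if __name__ == "__main__":
    # Topology from the reply: client -> A over HTTPS, A -> B over HTTP.
    print("client -> A:443 ", check_hop(True, TLS_HELLO))
    print("A -> B:80       ", check_hop(False, PLAIN_HTTP))
    # Situation from the quoted report: proxied plain HTTP landing on 443.
    print("A -> B:443      ", check_hop(True, PLAIN_HTTP))
```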