You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by Qingshan Xie <xi...@yahoo.com> on 2009/02/22 20:23:41 UTC

[users@httpd] questions on TCP connections and Sessions

Hello,  

   I am pretty confused about the TCP connections and sessions in the case of proxy server in the middle.  Here is the case, 

               Browser -> SSL-Proxy Server -> SSL WebServer

there are two parts in this SSL communication, 
1.  Browser -> SSL-Proxy Server.  Browser sends a HTTPS request, SSL-Proxy server terminates the SSL connection.
2. SSL-Proxy Server -> HTTPS WebServer.  SSL-Proxy server as a client re-encrypts the request, sends it to backend HTTPS webServer.

How many sessions will be, one or two?  Can someone help?

Many Thanks, 
Q.Xie



      

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

[users@httpd] Re: questions on TCP connections and Sessions

Posted by Nicholas Sherlock <n....@gmail.com>.

Qingshan Xie wrote:
> Hello,  
> 
>    I am pretty confused about the TCP connections and sessions in the case of proxy server in the middle.  Here is the case, 
> 
>                Browser -> SSL-Proxy Server -> SSL WebServer
> 
> there are two parts in this SSL communication, 
> 1.  Browser -> SSL-Proxy Server.  Browser sends a HTTPS request, SSL-Proxy server terminates the SSL connection.
> 2. SSL-Proxy Server -> HTTPS WebServer.  SSL-Proxy server as a client re-encrypts the request, sends it to backend HTTPS webServer.
> 
> How many sessions will be, one or two?  Can someone help?

The only SSL proxy I know of is a HTTP proxy that supports the CONNECT 
method. Basically, the browser connects to the proxy, sends "CONNECT" 
and the name of the host to connect to. The proxy connects to the 
webserver. The proxy relays any bytes sent from the client to the 
webserver, and vice versa. If the client closes the connection, the 
proxy disconnects from the web server, and vice versa. The only thing 
that the proxy gets to see is the call to "CONNECT", everything else it 
cannot view because it is encrypted and it does not have the key.

Cheers,
Nicholas Sherlock

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org