On Mon, Jul 4, 2016 at 5:36 PM, Yann Ylavic wrote:
> On Mon, Jul 4, 2016 at 5:00 PM, Marat Khalili wrote:
>> On 04/07/16 17:29, Eric Covener wrote:
>>>
>>> SNI is in the ClientHello, you'd be able to eliminate/confirm that bit.
>>
>>
>> Yes you're right. But now I cannot reproduce original proble
On Mon, Jul 4, 2016 at 5:00 PM, Marat Khalili wrote:
> On 04/07/16 17:29, Eric Covener wrote:
>>
>> SNI is in the ClientHello, you'd be able to eliminate/confirm that bit.
>
>
> Yes you're right. But now I cannot reproduce original problem. And SNI is
> correctly transferred from client in packet
On 04/07/16 17:29, Eric Covener wrote:
SNI is in the ClientHello, you'd be able to eliminate/confirm that bit.
Yes you're right. But now I cannot reproduce original problem. And SNI
is correctly transferred from client in packet capture. Either the
problem is transient or it's gone. Will post
On Mon, Jul 4, 2016 at 10:17 AM, Marat Khalili wrote:
> Tried to already. Seems like Wireshark cannot decrypt TLS 1.2 exchange with
> Server Key Exchange part present.
SNI is in the ClientHello, you'd be able to eliminate/confirm that bit.
--
Eric Covener
cove...@gmail.com
On 04/07/16 16:19, Eric Covener wrote:
packet capture.
Tried to already. Seems like Wireshark cannot decrypt TLS 1.2 exchange
with Server Key Exchange part present.
--
With Best Regards,
Marat Khalili
-
To unsubscribe, e-ma
On Mon, Jul 4, 2016 at 3:07 AM, Marat Khalili wrote:
>> SNI (in the SSL handshake) which is not set when using SSL?
>
> I don't know how to check what Apache is actually sending to back-end
> server.
packet capture.
-
To unsubsc
On 01/07/16 23:19, Yann Ylavic wrote:
On Fri, Jul 1, 2016 at 6:26 PM, Marat Khalili wrote:
Is the header Host sent by the proxy different from the one sent by
the client (with and without using SSL) or are you talking about the
SNI (in the SSL handshake) which is not set when using SSL?
I don't
On Fri, Jul 1, 2016 at 6:26 PM, Marat Khalili wrote:
>
> Because of SSL the problem is somewhat hard to debug, can't just packet
> trace. I tried to replace IIS application with CGI script on different
> Apache, without SSL, and found that ProxyPreserveHost is not ignored
> (environment variable S
Dear all,
I'm reverse proxying requests on Apache/2.4.18 (stock version on Ubuntu
16.04) via SSL to an application running on IIS 7.0. Somehow, despite
ProxyPreserveHost, IIS app manages to sniff IP-address 10.1.2.3
specified in ProxyPass (see below) and breaks. If I replace 10.1.2.3
with mya
