591901 – proxy_http doesn't set the hostname when doing reverse proxy

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 591901 - proxy_http doesn't set the hostname when doing reverse proxy

Summary: proxy_http doesn't set the hostname when doing reverse proxy

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Red Hat Enterprise Linux 6
Classification:	Red Hat
Component:	mod_nss
Sub Component:
Version:	6.0
Hardware:	All
OS:	Linux
Priority:	high
Severity:	medium
Target Milestone:	rc
Target Release:	---
Assignee:	Rob Crittenden
QA Contact:	Chandrasekar Kannan
Docs Contact:
URL:
Whiteboard:
Depends On:	591224
Blocks:
TreeView+	depends on / blocked

Reported:	2010-05-13 13:03 UTC by Rob Crittenden
Modified:	2015-01-04 23:42 UTC (History)
CC List:	7 users (show)
Fixed In Version:	mod_nss-1_0_8-7_el6
Doc Type:	Bug Fix
Doc Text:
Clone Of:	591224
Environment:
Last Closed:	2010-11-11 14:51:27 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)
a simple test for proxying to SSL server. (780 bytes, text/plain) 2010-08-31 18:54 UTC, Kashyap Chamarthy	no flags	Details
View All

Description Rob Crittenden 2010-05-13 13:03:57 UTC

This needs to be fixed or is a regression from EL 5.

+++ This bug was initially created as a clone of Bug #591224 +++

Created an attachment (id=413202)
copy the hostname into the client connection structure

*NOTE* This is copied verbatim from the upstream bug report by Rob Crittenden*NOTE*

Description of problem:
When doing a reverse proxy the proxy client connection remote_host field isn't
populated. Since this is already available as a result of the ProxyPassReverse
entry it makes sense to pass this on.

Otherwise a client that may want this hostname value has no access to it until
the request is being processed and in the case of an input filter that does
something like SSL may be too late. 

SSL connections should compare the requested hostname value with the certificate
subject returned by remote server. This is the only protection against
man-in-the-middle attacks. Once mod_proxy populates this field then SSL
connections can do this comparison.

Version-Release number of selected component (if applicable):
httpd-2.2.15-1.fc12.2

How reproducible:
Always

Steps to Reproduce:
1. Create a ssl reverse proxy
2. Install mod_nss
3. Remove mod_ssl
4. Try to use the ssl reverse proxy.
  
Actual results:
mod_nss errors with: "SSL Proxy: I don't have the name of the host we're supposed to connect to so I can't verify that we are connecting to who we think we should be. Giving up. Hint: See Apache bug 36468."

Expected results:
The reverse proxy works and traffic is passed

Additional info:
This was originally reported by Rob Crittenden against 2.0.4.  I have tested the uploaded patch that was supplied by Rob Crittenden.  It works using mod_nss.

--- Additional comment from rcritten on 2010-05-11 14:00:49 EDT ---

Joe, this is your patch from EL5.

--- Additional comment from jorton on 2010-05-12 03:16:48 EDT ---

This got done differently upstream.  As of 2.2.12 I think, the proxy sets 
the "proxy-request-hostname" note in r->connection->notes with the hostname of the backend - you need to change mod_nss to use this instead of the custom hack we used in RHEL5.

--- Additional comment from joshkayse on 2010-05-12 16:56:07 EDT ---

from what i can tell of mod_nss, it is checking in pre_connection which doesn't have access to the request_rec r

--- Additional comment from joshkayse on 2010-05-12 17:50:40 EDT ---

(In reply to comment #3)
> from what i can tell of mod_nss, it is checking in pre_connection which doesn't
> have access to the request_rec r    

nvm, i see how it can be done.

I've created a patch but haven't had a chance to test it yet.  I'll test it tomorrow and upload it when it works.

--- Additional comment from joshkayse on 2010-05-13 08:48:16 EDT ---

Created an attachment (id=413752)
uses value of proxy-request-hostname in c->notes instead of c->remote_host

This patch changes mod_nss to use the value of proxy-request-hostname in c->notes instead of c->remote_host

This is the same method used by mod_ssl and the recommended upstream method per comment 2.

Comment 5 Kashyap Chamarthy 2010-08-31 18:41:58 UTC

Verified with mod_nss-1.0.8-8.el6.x86_64

Attached are is the rhts script used to verify

Successful output from /var/log/httpd/error_log 
======================================================================
[root@colossus ~]# cat /var/log/httpd/error_log 
[Tue Aug 31 11:06:19 2010] [debug] proxy_util.c(2576): proxy: HTTPS: connection complete to [::1]:8443 (localhost)
[Tue Aug 31 11:06:19 2010] [info] Connection to child 0 established (server colossus.dsdev.sjc.redhat.com:80, client ::1)
[Tue Aug 31 11:06:19 2010] [error] SSL Proxy: Possible man-in-the-middle attack. The remove server is colossus.dsdev.sjc.redhat.com, we expected localhost
[Tue Aug 31 11:06:19 2010] [info] SSL library error -12276 writing data
[Tue Aug 31 11:06:19 2010] [info] SSL Library Error: -12276 Requested domain name does not match the server's certificate
[Tue Aug 31 11:06:19 2010] [error] (20014)Internal error: proxy: pass request body failed to [::1]:8443 (localhost)
[Tue Aug 31 11:06:19 2010] [error] proxy: pass request body failed to [::1]:8443 (localhost) from 10.14.1.213 ()
[Tue Aug 31 11:06:19 2010] [debug] proxy_util.c(2029): proxy: HTTPS: has released connection for (localhost)
[Tue Aug 31 11:06:19 2010] [debug] nss_engine_io.c(656): SSL connection destroyed without being closed
[Tue Aug 31 11:06:19 2010] [error] SSL Library Error: -12271 SSL client cannot verify your certificate
[Tue Aug 31 11:15:42 2010] [info] removed PID file /etc/httpd/run/httpd.pid (pid=18788)
[Tue Aug 31 11:15:42 2010] [notice] caught SIGTERM, shutting down
[Tue Aug 31 11:15:42 2010] [info] Shutting down SSL Session ID Cache
[Tue Aug 31 11:15:42 2010] [notice] SELinux policy enabled; httpd running as context unconfined_u:system_r:httpd_t:s0
[Tue Aug 31 11:15:42 2010] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Tue Aug 31 11:15:42 2010] [info] Initializing SSL Session Cache of size 10000. SSL2 timeout = 100, SSL3/TLS timeout = 86400.
[Tue Aug 31 11:15:43 2010] [info] Init: Seeding PRNG with 144 bytes of entropy
[Tue Aug 31 11:15:43 2010] [info] Init: Initializing (virtual) servers for SSL
[Tue Aug 31 11:15:43 2010] [info] Enabling proxy.
[Tue Aug 31 11:15:43 2010] [debug] nss_engine_init.c(612): Enabling SSL3
[Tue Aug 31 11:15:43 2010] [debug] nss_engine_init.c(788): Configuring permitted SSL ciphers [+rsa_3des_sha,-rsa_null_md5,-rsa_null_sha,+rsa_rc4_128_md5]
[Tue Aug 31 11:15:43 2010] [info] Server: Apache/2.2.15, Interface: mod_nss/2.2.15, Library: NSS/3.12.6.2
[Tue Aug 31 11:15:43 2010] [info] Shutting down SSL Session ID Cache
[Tue Aug 31 11:15:43 2010] [notice] Digest: generating secret for digest authentication ...
[Tue Aug 31 11:15:43 2010] [notice] Digest: done
[Tue Aug 31 11:15:43 2010] [debug] util_ldap.c(2058): LDAP merging Shared Cache conf: shm=0x7fa1f6cb9488 rmm=0x7fa1f6cb94e0 for VHOST: colossus.dsdev.sjc.redhat.com
[Tue Aug 31 11:15:43 2010] [info] APR LDAP: Built with OpenLDAP LDAP SDK
[Tue Aug 31 11:15:43 2010] [info] LDAP: SSL support available
[Tue Aug 31 11:15:43 2010] [info] Initializing SSL Session Cache of size 10000. SSL2 timeout = 100, SSL3/TLS timeout = 86400.
[Tue Aug 31 11:15:43 2010] [info] Server: Apache/2.2.15, Interface: mod_nss/2.2.15, Library: NSS/3.12.6.2
[Tue Aug 31 11:15:43 2010] [debug] proxy_util.c(1818): proxy: grabbed scoreboard slot 0 in child 18961 for worker https://colossus.dsdev.sjc.redhat.com:8443/
[Tue Aug 31 11:15:43 2010] [debug] proxy_util.c(1934): proxy: initialized single connection worker 0 in child 18961 for (colossus.dsdev.sjc.redhat.com)
[Tue Aug 31 11:15:43 2010] [debug] proxy_util.c(1818): proxy: grabbed scoreboard slot 1 in child 18961 for worker proxy:reverse
[Tue Aug 31 11:15:43 2010] [debug] proxy_util.c(1934): proxy: initialized single connection worker 1 in child 18961 for (*)
[Tue Aug 31 11:15:43 2010] [debug] proxy_util.c(1818): proxy: grabbed scoreboard slot 0 in child 18962 for worker https://colossus.dsdev.sjc.redhat.com:8443/
[Tue Aug 31 11:15:43 2010] [debug] proxy_util.c(1837): proxy: worker https://colossus.dsdev.sjc.redhat.com:8443/ already initialized
[Tue Aug 31 11:15:43 2010] [debug] proxy_util.c(1934): proxy: initialized single connection worker 0 in child 18962 for (colossus.dsdev.sjc.redhat.com)
[Tue Aug 31 11:15:43 2010] [debug] proxy_util.c(1818): proxy: grabbed scoreboard slot 1 in child 18962 for worker proxy:reverse
[Tue Aug 31 11:15:43 2010] [debug] proxy_util.c(1837): proxy: worker proxy:reverse already initialized
[Tue Aug 31 11:15:43 2010] [debug] proxy_util.c(1934): proxy: initialized single connection worker 1 in child 18962 for (*)
[Tue Aug 31 11:15:43 2010] [debug] proxy_util.c(1818): proxy: grabbed scoreboard slot 0 in child 18963 for worker https://colossus.dsdev.sjc.redhat.com:8443/
[Tue Aug 31 11:15:43 2010] [debug] proxy_util.c(1837): proxy: worker https://colossus.dsdev.sjc.redhat.com:8443/ already initialized
[Tue Aug 31 11:15:43 2010] [debug] proxy_util.c(1934): proxy: initialized single connection worker 0 in child 18963 for (colossus.dsdev.sjc.redhat.com)
[Tue Aug 31 11:15:43 2010] [debug] proxy_util.c(1818): proxy: grabbed scoreboard slot 1 in child 18963 for worker proxy:reverse
[Tue Aug 31 11:15:43 2010] [debug] proxy_util.c(1837): proxy: worker proxy:reverse already initialized
[Tue Aug 31 11:15:43 2010] [debug] proxy_util.c(1934): proxy: initialized single connection worker 1 in child 18963 for (*)
[Tue Aug 31 11:15:43 2010] [debug] proxy_util.c(1818): proxy: grabbed scoreboard slot 0 in child 18964 for worker https://colossus.dsdev.sjc.redhat.com:8443/
[Tue Aug 31 11:15:43 2010] [debug] proxy_util.c(1837): proxy: worker https://colossus.dsdev.sjc.redhat.com:8443/ already initialized
[Tue Aug 31 11:15:43 2010] [debug] proxy_util.c(1934): proxy: initialized single connection worker 0 in child 18964 for (colossus.dsdev.sjc.redhat.com)
[Tue Aug 31 11:15:43 2010] [debug] proxy_util.c(1818): proxy: grabbed scoreboard slot 1 in child 18964 for worker proxy:reverse
[Tue Aug 31 11:15:43 2010] [debug] proxy_util.c(1837): proxy: worker proxy:reverse already initialized
[Tue Aug 31 11:15:43 2010] [debug] proxy_util.c(1934): proxy: initialized single connection worker 1 in child 18964 for (*)
[Tue Aug 31 11:15:43 2010] [debug] proxy_util.c(1818): proxy: grabbed scoreboard slot 0 in child 18965 for worker https://colossus.dsdev.sjc.redhat.com:8443/
[Tue Aug 31 11:15:43 2010] [debug] proxy_util.c(1837): proxy: worker https://colossus.dsdev.sjc.redhat.com:8443/ already initialized
[Tue Aug 31 11:15:43 2010] [debug] proxy_util.c(1934): proxy: initialized single connection worker 0 in child 18965 for (colossus.dsdev.sjc.redhat.com)
[Tue Aug 31 11:15:43 2010] [debug] proxy_util.c(1818): proxy: grabbed scoreboard slot 1 in child 18965 for worker proxy:reverse
[Tue Aug 31 11:15:43 2010] [debug] proxy_util.c(1837): proxy: worker proxy:reverse already initialized
[Tue Aug 31 11:15:43 2010] [debug] proxy_util.c(1934): proxy: initialized single connection worker 1 in child 18965 for (*)
[Tue Aug 31 11:15:43 2010] [debug] proxy_util.c(1818): proxy: grabbed scoreboard slot 0 in child 18966 for worker https://colossus.dsdev.sjc.redhat.com:8443/
[Tue Aug 31 11:15:43 2010] [debug] proxy_util.c(1837): proxy: worker https://colossus.dsdev.sjc.redhat.com:8443/ already initialized
[Tue Aug 31 11:15:43 2010] [debug] proxy_util.c(1934): proxy: initialized single connection worker 0 in child 18966 for (colossus.dsdev.sjc.redhat.com)
[Tue Aug 31 11:15:43 2010] [debug] proxy_util.c(1818): proxy: grabbed scoreboard slot 1 in child 18966 for worker proxy:reverse
[Tue Aug 31 11:15:43 2010] [debug] proxy_util.c(1837): proxy: worker proxy:reverse already initialized
[Tue Aug 31 11:15:43 2010] [debug] proxy_util.c(1934): proxy: initialized single connection worker 1 in child 18966 for (*)
[Tue Aug 31 11:15:43 2010] [notice] Apache/2.2.15 (Unix) DAV/2 mod_nss/2.2.15 NSS/3.12.6.2 configured -- resuming normal operations
[Tue Aug 31 11:15:43 2010] [info] Server built: Aug 14 2010 08:53:20
[Tue Aug 31 11:15:43 2010] [debug] prefork.c(1013): AcceptMutex: sysvsem (default: sysvsem)
[Tue Aug 31 11:15:43 2010] [debug] proxy_util.c(1818): proxy: grabbed scoreboard slot 0 in child 18967 for worker https://colossus.dsdev.sjc.redhat.com:8443/
[Tue Aug 31 11:15:43 2010] [debug] proxy_util.c(1837): proxy: worker https://colossus.dsdev.sjc.redhat.com:8443/ already initialized
[Tue Aug 31 11:15:43 2010] [debug] proxy_util.c(1934): proxy: initialized single connection worker 0 in child 18967 for (colossus.dsdev.sjc.redhat.com)
[Tue Aug 31 11:15:43 2010] [debug] proxy_util.c(1818): proxy: grabbed scoreboard slot 1 in child 18967 for worker proxy:reverse
[Tue Aug 31 11:15:43 2010] [debug] proxy_util.c(1837): proxy: worker proxy:reverse already initialized
[Tue Aug 31 11:15:43 2010] [debug] proxy_util.c(1934): proxy: initialized single connection worker 1 in child 18967 for (*)
[Tue Aug 31 11:15:43 2010] [info] Init: Seeding PRNG with 144 bytes of entropy
[Tue Aug 31 11:15:43 2010] [info] Enabling proxy.
[Tue Aug 31 11:15:43 2010] [debug] nss_engine_init.c(612): Enabling SSL3
[Tue Aug 31 11:15:43 2010] [info] Init: Seeding PRNG with 144 bytes of entropy
[Tue Aug 31 11:15:43 2010] [debug] nss_engine_init.c(788): Configuring permitted SSL ciphers [+rsa_3des_sha,-rsa_null_md5,-rsa_null_sha,+rsa_rc4_128_md5]
[Tue Aug 31 11:15:43 2010] [info] Enabling proxy.
[Tue Aug 31 11:15:43 2010] [debug] nss_engine_init.c(612): Enabling SSL3
[Tue Aug 31 11:15:43 2010] [debug] nss_engine_init.c(788): Configuring permitted SSL ciphers [+rsa_3des_sha,-rsa_null_md5,-rsa_null_sha,+rsa_rc4_128_md5]
[Tue Aug 31 11:15:43 2010] [info] Init: Seeding PRNG with 144 bytes of entropy
[Tue Aug 31 11:15:43 2010] [info] Enabling proxy.
[Tue Aug 31 11:15:43 2010] [debug] nss_engine_init.c(612): Enabling SSL3
[Tue Aug 31 11:15:43 2010] [debug] nss_engine_init.c(788): Configuring permitted SSL ciphers [+rsa_3des_sha,-rsa_null_md5,-rsa_null_sha,+rsa_rc4_128_md5]
[Tue Aug 31 11:15:43 2010] [info] Init: Seeding PRNG with 144 bytes of entropy
[Tue Aug 31 11:15:43 2010] [info] Enabling proxy.
[Tue Aug 31 11:15:43 2010] [debug] nss_engine_init.c(612): Enabling SSL3
[Tue Aug 31 11:15:43 2010] [debug] nss_engine_init.c(788): Configuring permitted SSL ciphers [+rsa_3des_sha,-rsa_null_md5,-rsa_null_sha,+rsa_rc4_128_md5]
[Tue Aug 31 11:15:43 2010] [info] Init: Seeding PRNG with 144 bytes of entropy
[Tue Aug 31 11:15:43 2010] [info] Enabling proxy.
[Tue Aug 31 11:15:43 2010] [debug] nss_engine_init.c(612): Enabling SSL3
[Tue Aug 31 11:15:43 2010] [debug] nss_engine_init.c(788): Configuring permitted SSL ciphers [+rsa_3des_sha,-rsa_null_md5,-rsa_null_sha,+rsa_rc4_128_md5]
[Tue Aug 31 11:15:43 2010] [debug] proxy_util.c(1818): proxy: grabbed scoreboard slot 0 in child 18968 for worker https://colossus.dsdev.sjc.redhat.com:8443/
[Tue Aug 31 11:15:43 2010] [info] Init: Seeding PRNG with 144 bytes of entropy
[Tue Aug 31 11:15:43 2010] [debug] proxy_util.c(1837): proxy: worker https://colossus.dsdev.sjc.redhat.com:8443/ already initialized
[Tue Aug 31 11:15:43 2010] [info] Enabling proxy.
[Tue Aug 31 11:15:43 2010] [debug] proxy_util.c(1934): proxy: initialized single connection worker 0 in child 18968 for (colossus.dsdev.sjc.redhat.com)
[Tue Aug 31 11:15:43 2010] [debug] proxy_util.c(1818): proxy: grabbed scoreboard slot 1 in child 18968 for worker proxy:reverse
[Tue Aug 31 11:15:43 2010] [debug] proxy_util.c(1837): proxy: worker proxy:reverse already initialized
[Tue Aug 31 11:15:43 2010] [debug] proxy_util.c(1934): proxy: initialized single connection worker 1 in child 18968 for (*)
[Tue Aug 31 11:15:43 2010] [debug] nss_engine_init.c(612): Enabling SSL3
[Tue Aug 31 11:15:43 2010] [debug] nss_engine_init.c(788): Configuring permitted SSL ciphers [+rsa_3des_sha,-rsa_null_md5,-rsa_null_sha,+rsa_rc4_128_md5]
[Tue Aug 31 11:15:43 2010] [info] Init: Seeding PRNG with 144 bytes of entropy
[Tue Aug 31 11:15:43 2010] [info] Enabling proxy.
[Tue Aug 31 11:15:43 2010] [debug] nss_engine_init.c(612): Enabling SSL3
[Tue Aug 31 11:15:43 2010] [debug] nss_engine_init.c(788): Configuring permitted SSL ciphers [+rsa_3des_sha,-rsa_null_md5,-rsa_null_sha,+rsa_rc4_128_md5]
[Tue Aug 31 11:15:43 2010] [info] Init: Seeding PRNG with 144 bytes of entropy
[Tue Aug 31 11:15:43 2010] [info] Enabling proxy.
[Tue Aug 31 11:15:43 2010] [debug] nss_engine_init.c(612): Enabling SSL3
[Tue Aug 31 11:15:43 2010] [debug] nss_engine_init.c(788): Configuring permitted SSL ciphers [+rsa_3des_sha,-rsa_null_md5,-rsa_null_sha,+rsa_rc4_128_md5]
[Tue Aug 31 11:15:44 2010] [debug] mod_proxy_http.c(56): proxy: HTTP: canonicalising URL //colossus.dsdev.sjc.redhat.com:8443/content-bz591224.txt
[Tue Aug 31 11:15:44 2010] [debug] proxy_util.c(1506): [client 10.14.1.213] proxy: https: found worker https://colossus.dsdev.sjc.redhat.com:8443/ for https://colossus.dsdev.sjc.redhat.com:8443/content-bz591224.txt
[Tue Aug 31 11:15:44 2010] [debug] mod_proxy.c(993): Running scheme https handler (attempt 0)
[Tue Aug 31 11:15:44 2010] [debug] mod_proxy_http.c(1962): proxy: HTTP: serving URL https://colossus.dsdev.sjc.redhat.com:8443/content-bz591224.txt
[Tue Aug 31 11:15:44 2010] [debug] proxy_util.c(2011): proxy: HTTPS: has acquired connection for (colossus.dsdev.sjc.redhat.com)
[Tue Aug 31 11:15:44 2010] [debug] proxy_util.c(2067): proxy: connecting https://colossus.dsdev.sjc.redhat.com:8443/content-bz591224.txt to colossus.dsdev.sjc.redhat.com:8443
[Tue Aug 31 11:15:44 2010] [debug] proxy_util.c(2193): proxy: connected /content-bz591224.txt to colossus.dsdev.sjc.redhat.com:8443
[Tue Aug 31 11:15:44 2010] [debug] proxy_util.c(2444): proxy: HTTPS: fam 2 socket created to connect to colossus.dsdev.sjc.redhat.com
[Tue Aug 31 11:15:44 2010] [debug] proxy_util.c(2576): proxy: HTTPS: connection complete to 10.14.1.213:8443 (colossus.dsdev.sjc.redhat.com)
[Tue Aug 31 11:15:44 2010] [info] Connection to child 0 established (server colossus.dsdev.sjc.redhat.com:80, client 10.14.1.213)
[Tue Aug 31 11:15:44 2010] [debug] mod_proxy_http.c(1732): proxy: start body send
[Tue Aug 31 11:15:44 2010] [debug] mod_proxy_http.c(1836): proxy: end body send
[Tue Aug 31 11:15:44 2010] [debug] proxy_util.c(2029): proxy: HTTPS: has released connection for (colossus.dsdev.sjc.redhat.com)
[Tue Aug 31 11:15:44 2010] [debug] nss_engine_io.c(656): SSL connection destroyed without being closed
[root@colossus ~]#

Comment 6 Kashyap Chamarthy 2010-08-31 18:54:35 UTC

Created attachment 442251 [details]
a simple test for proxying to SSL server.

With the below contents in nss.conf
#########################################################
[root@colossus ]# cat nss.conf 
NSSProxyEngine On
NSSProxyCipherSuite +rsa_3des_sha,-rsa_null_md5,-rsa_null_sha,+rsa_rc4_128_md5
NSSProxyProtocol SSLv3

ProxyPass /bz591224/ https://colossus.dsdev.sjc.redhat.com:8443/
ProxyPassReverse /bz591224/ https://colossus.dsdev.sjc.redhat.com:8443/
LogLevel debug
########################################################

Many thanks to rcrit, jorton, ckannan

Comment 7 releng-rhel@redhat.com 2010-11-11 14:51:27 UTC

Red Hat Enterprise Linux 6.0 is now available and should resolve
the problem described in this bug report. This report is therefore being closed
with a resolution of CURRENTRELEASE. You may reopen this bug report if the
solution does not work for you.

Note You need to log in before you can comment on or make changes to this bug.