6.0.0-git
2021-01-18

[#5568] allow for hardware ssl termination
Summary: allow for hardware ssl termination
Queue: Horde Framework Packages
Queue Version: HEAD
Type: Enhancement
State: Resolved
Priority: 1. Low
Owners:
Requester: adrieder (at) sbox (dot) tugraz (dot) at
Created: 2007-07-19 (4932 days ago)
Due: 07/19/2007 (4932 days ago)
Updated: 2007-08-03 (4917 days ago)
Assigned:
Resolved: 2007-08-03 (4917 days ago)
Milestone:
Patch: No

History
2007-08-03 19:07:44 Chuck Hagenbuch Comment #8
State ⇒ Resolved
Looks good to me - committed, thanks!
2007-08-03 18:38:41 Chuck Hagenbuch Deleted Original Message
 
2007-08-03 18:38:34 Chuck Hagenbuch Deleted Original Message
 
2007-07-19 12:09:27 adrieder (at) sbox (dot) tugraz (dot) at Comment #7
New Attachment: conf.xml.2.patch
conf.xml.patch
2007-07-19 12:08:14 adrieder (at) sbox (dot) tugraz (dot) at Comment #6
New Attachment: Crypt.php.2.patch
ok, how about this...
2007-07-19 11:05:53 Jan Schneider Comment #5
In this case I would suggest to move the configuration item next to 
the safe-ip-net-list, and simply make it a "consider all connections 
safe" item, there's no need to make a connection to hw accel cards.
2007-07-19 10:30:12 adrieder (at) sbox (dot) tugraz (dot) at Comment #4
> I added a similar configuration a few days ago that allows certain IP
> ranges to not require SSL connections for passphrases. Can't you use
> that one?
I have seen it, but unfortunately it is not usable for me.
> Or isn't the hardware accelerator the IP client address
> that's visible to Horde?
This is exactly the reason why I can't use your configuration. The 
termination of the SSL connection is done transparently by the 
load balancer's crypto card, so the webservers see the real client IPs.
2007-07-19 10:02:16 Jan Schneider Comment #3
State ⇒ Feedback
I added a similar configuration a few days ago that allows certain IP 
ranges to not require SSL connections for passphrases. Can't you use 
that one? Or isn't the hardware accelerator the IP client address 
that's visible to Horde?
2007-07-19 08:17:35 adrieder (at) sbox (dot) tugraz (dot) at Comment #2
New Attachment: Crypt-php.patch
second patch
2007-07-19 08:16:52 adrieder (at) sbox (dot) tugraz (dot) at Comment #1
Type ⇒ Enhancement
State ⇒ New
Priority ⇒ 1. Low
Summary ⇒ allow for hardware ssl termination
Due ⇒ 2007-07-19
Queue ⇒ Horde Framework Packages
New Attachment: conf.php.patch
In our setup we use a hardware crypto card on our load balancer to 
terminate the SSL connections in front of the webservers, so that the 
webservers do not have to care about SSL en/decryption. This means 
that they just get to deal with plain HTTP, and the Horde framework 
won't let a client submit GPG passphrases because it sees only the 
plain connection.

The following patches allow a config setting for hardware ssl termination.

Note: people should set $conf['use_ssl'] = 1 in their config, to make 
sure that all urls are generated as https://...
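
The decision this ticket turns on, as an added PHP example (it is not Horde's code and not the attached patches): a backend behind a transparent SSL terminator sees plain HTTP and the real client address, so neither a direct-HTTPS check nor a safe-network list passes, and only an explicit operator setting can. The function names and the config keys `safe_nets` and `assume_secure` are hypothetical, and the request data is constructed.

```php
<?php
// Added illustration, not Horde's code. The keys 'safe_nets' and
// 'assume_secure' are hypothetical names for the two settings discussed here.

/** True if IPv4 address $ip lies inside CIDR block $cidr, e.g. 10.0.0.0/8. */
function ipInCidr(string $ip, string $cidr): bool
{
    [$net, $bits] = array_pad(explode('/', $cidr, 2), 2, '32');
    $ipLong = ip2long($ip);
    $netLong = ip2long($net);
    if ($ipLong === false || $netLong === false || !ctype_digit($bits) || (int) $bits > 32) {
        return false; // malformed input never counts as a match
    }
    $mask = (int) $bits === 0 ? 0 : (~0 << (32 - (int) $bits)) & 0xFFFFFFFF;
    return ($ipLong & $mask) === ($netLong & $mask);
}

/** Decide whether a passphrase may be accepted on this request. */
function passphraseAllowed(array $server, array $conf): bool
{
    // 1. The web server itself terminated SSL/TLS.
    if (!empty($server['HTTPS']) && strtolower($server['HTTPS']) !== 'off') {
        return true;
    }
    // 2. The operator asserts that encryption ends on a device in front of
    //    the web servers ("consider all connections safe").
    if (!empty($conf['assume_secure'])) {
        return true;
    }
    // 3. Plain HTTP, but the client address is in an explicitly trusted network.
    foreach ($conf['safe_nets'] ?? [] as $cidr) {
        if (ipInCidr($server['REMOTE_ADDR'] ?? '', $cidr)) {
            return true;
        }
    }
    return false;
}

// Constructed request as a backend sees it behind a transparent terminator:
// no HTTPS variable, and REMOTE_ADDR is the real client address.
$request = ['REMOTE_ADDR' => '203.0.113.7'];
var_dump(passphraseAllowed($request, ['safe_nets' => ['10.0.0.0/8']]));
var_dump(passphraseAllowed($request, ['assume_secure' => true]));
var_dump(passphraseAllowed(['HTTPS' => 'on'] + $request, []));
```

A setting like `assume_secure` cannot be verified by the application itself, so it only holds when the web servers are reachable exclusively through the terminating load balancer.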
