I have an apache that redirects any incoming requests towards url-a to url-b. The apache configuration supports both TLSv1.0 and TLSv1.2.
The host behind url-b will only accept TLSv1.2 for performing the SSL handshake. My question is: if a client makes requests to url-a using TLSv1.0, will the request be handled correctly when being redirected to url-b which accepts only TLSv1.2?
So basically the requests will follow this way:
client(TLSv1.0) --> apache(performs handshake with client with TLSv1.0) (redirects request to server, performs handshake with server with TLSv1.2) --> server(TLSv1.2).
My tests showed that it will work, but I don't have in-depth knowledge of apache to 100% confirm this.
Thanks
Made this an answer since it is easier than in comments.
From what I read, you have something like this:
browser asks https://site1/
browser <- site1 -> negotiate SSL
browser <- Redirect to site2
browser asks https://site2/
browser <- site2 -> negotiate SSL
browser <- response from site2
So in this context, the browser negotiates with both sites, one after the other. A redirection is basically telling the browser "I will not answer your query, go see that other site for that". Therefor the browser will talk directly to both sites. Site1 and site2 never negotiate SSL in this scenario.
If you were using a proxy:
browser asks https://site1/
browser <- site1 -> negotiate SSL
site1 asks https://site2/
site1 <- site2 -> negotiate SSL
site1 <- receives response from site2
browser <- receives response from site1
A proxy means the browser only ever talk to site1. It does not even know site2 exists. Site1 talks to site2, therefore in this scenario, site1 and site2 must negotiate certificates with each other.