TLSv1.2 was added in JDK7...
True. The Apache proxy needs to run on a later version of Java. I'm trying to find a way to have the Apache proxy re-write the 'Connect' to HTTPS TLSv1.2 to avoid a JBoss update. (JBoss 5.1 won't run on JDK7 as I understand.)
So my understanding of this so far:
1. Java creates a connection object, using TLS1.0 because it's the only protocol available in Java 1.6
2. Java issues a HttpURLConnection.openConnection(proxy) request through the proxy - This is a request for a tunnel.
3. Apache opens the CONNECT and creates the tunnel to the requested server. No handshake really.
4. Control is passed back to Java to do the handshakes and data transfer, using the Java TLS 1.0 connection object created earlier.
My only goal was to get the handshake and protocols to be negotiated by Apache, but unless someone has another idea, I'm starting to think this is not possible - outside of upgrading to Java 7 (which causes other issues).
Update: Per a suggestion from another forum, I've got this to work.
My thinking on this was backward. Removed all the proxy code out of Java, and put in a dummy URL for Java to call;
In Apache, on virtual host 8080 added three lines:
ProxyPass /whatever https://actualHost/...
ProxyPassReverse /whatever https://actualHost/...
and it works.
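
A hardened form of the reverse-proxy setup described in the post above, as an added example that is not part of the original post. It assumes Apache 2.4 with mod_proxy, mod_proxy_http and mod_ssl (built against an OpenSSL that supports TLSv1.2) running on the same host as JBoss; the CA bundle path is a placeholder, and the elided backend path is kept as posted.

```apache
# Added example, not the poster's configuration.
# Assumptions: Apache 2.4, mod_proxy + mod_proxy_http + mod_ssl loaded,
# Apache on the same machine as JBoss, CA bundle path is a placeholder.

# The Java -> Apache hop is now plain HTTP (the Java 6 client no longer
# does TLS itself), so keep that hop on loopback only.
Listen 127.0.0.1:8080

<VirtualHost 127.0.0.1:8080>
    # Apache is the TLS client toward the backend; it performs the handshake.
    SSLProxyEngine on

    # Negotiate TLSv1.2 only with the backend; no fallback to older versions.
    SSLProxyProtocol TLSv1.2

    # Authenticate the backend. Without these, Apache encrypts the
    # connection but accepts whatever certificate the far end presents.
    SSLProxyVerify require
    SSLProxyVerifyDepth 3
    SSLProxyCACertificateFile /path/to/ca-bundle.pem   # placeholder path
    SSLProxyCheckPeerName on
    SSLProxyCheckPeerExpire on

    # Reverse-proxy mapping from the post ("..." is elided in the original).
    ProxyPass        /whatever https://actualHost/...
    ProxyPassReverse /whatever https://actualHost/...

    # The CONNECT tunnel is no longer used, so forward proxying stays off.
    ProxyRequests off
</VirtualHost>
```

With this layout the trust decision moves from the JVM truststore to Apache, so the CA file above is what decides which backend certificates are accepted.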