Apache HTTPS reverse proxy with SNI without key on the proxy

Question

example1.com and example2.com resolve to host0. host0 runs an Apache reverse proxy with two VirtualHosts. It delegates requests for example1.com to host1 and for example2.com to host2.

Using http in all places, that clearly can be made to work.

Using https, I could stick the keys for example1.com and example2.com on host0, and then have host0 talk http or https to host1 and host2. Given SNI, that should work, too.

My question: can it be made to work without the example1.com or example2.com keys on host0? I'd like to avoid that host0 is in a position to perform a man-in-the-middle attack.

If I understand SNI correctly, the key material is only exchanged after the client has communicated the desired virtual host to host0. This should be (?) sufficient information for Apache to essentially forward the connection to host1 or host2, without looking at the content of the transmission at all. That does not require key material at all.

Answer 1

Do you really need Apache reverse proxy, or you need the problem solved? I had the same problem and I resolved it with HAProxy in tcp mode as described here http://blog.haproxy.com/2012/04/13/enhanced-ssl-load-balancing-with-server-name-indication-sni-tls-extension/ instead of Apache reverse proxy.