Here is my use case (not necessarily specific to mod_gnutls): TLS termination is handled by mod_gnutls However, apache is also acting as a reverse proxy and it is required to communicate the authenticated identity to a backend process. What are my options? Thanks.