You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Scott Jones <sc...@on-sitemanager.com> on 2001/11/05 17:33:54 UTC
SSL Detection (mod_jk, openssl, apache)
Hello,
I'd like to restrict a certain area of our application to 128 bit
encryption only, but I want to provide information and links for people
if they don't have the required encryption strength.
I'm using mod_jk-eapi and Tomcat 3.2.3 with AJP 13. I've included the
SSL section into my http.conf (see below).
Are there any variables available to my JSPs/servlets that can help me
determine whether to send people to the 128 bit encryption required
sections or not?
I saw in an article about Tomcat 4 (thanks, google)
[http://www.javaworld.com/javaworld/jw-01-2001/jw-0126-servletapi.html]
that this information is available thanks to the 2.3 Servlet Specs like
this: req.getAttribute("javax.servlet.request.key_size") Is there
something similar for tomcat 3.x? OR, do I need to think about
upgrading to Tomcat 4 sooner rather than later?
Thanks for any suggestions anyone has!
Cheers,
-Scott
###################################################################
# SSL configuration #
#
# By default mod_jk is configured to collect SSL information from
# the apache environment and send it to the Tomcat workers. The
# problem is that there are many SSL solutions for Apache and as
# a result the environment variable names may change.
#
# The following (commented out) JK related SSL configureation
# can be used to customize mod_jk's SSL behaviour.
#
# Should mod_jk send SSL information to Tomact (default is On)
JkExtractSSL On
#
# What is the indicator for SSL (default is HTTPS)
JkHTTPSIndicator HTTPS
#
# What is the indicator for SSL session (default is SSL_SESSION_ID)
JkSESSIONIndicator SSL_SESSION_ID
#
# What is the indicator for client SSL cipher suit (default is
SSL_CIPHER)
JkCIPHERIndicator SSL_CIPHER
#
# What is the indicator for the client SSL certificated (default is
SSL_CLIENT_\CERT)
JkCERTSIndicator SSL_CLIENT_CERT
#
# #
###################################################################
--
To unsubscribe: <ma...@jakarta.apache.org>
For additional commands: <ma...@jakarta.apache.org>
Troubles with the list: <ma...@jakarta.apache.org>
Re: Help with Tomcat/Apache/mod_dav
Posted by William Hovingh <wh...@whis.net>.
Earlier, I wrote:
>
> I am running Apache 1.3.20+mod_dav+mod_webapp, with DAV enabled on the
> entire document tree and several resources being served by Catalina
> through the warp/mod_webapp connector.
>
> My problem is that I would like very much for one of those webapps to be
> visible as a (read-only) resource for a DAV client.
I have tracked down my issue to this: What is the mod_webapp
configuration incantation I need to employ to get Apache to pass a
request (of arbitrary method) on to Tomcat if it comes in as, say,
OPTIONS /webappname HTTP/1.1
What I *want* is for this to get the same response as this does:
OPTIONS /webappname/ HTTP/1.1
(where, of course, my webapp has something running at the URL mapping
"/" that returns an appropriate Allow: header).
PLEASE PLEASE PLEASE if anyone knows the magic I need to perform here,
let me know. I am DESPERATE and under GROSS TIME PRESSURE. (And I
promise to summarize how I've done all this once I get it working, since
it's been a good learning experience for me already.)
--
To unsubscribe: <ma...@jakarta.apache.org>
For additional commands: <ma...@jakarta.apache.org>
Troubles with the list: <ma...@jakarta.apache.org>
Help with Tomcat/Apache/mod_dav
Posted by William Hovingh <wh...@whis.net>.
I am running Apache 1.3.20+mod_dav+mod_webapp, with DAV enabled on the
entire document tree and several resources being served by Catalina
through the warp/mod_webapp connector.
My problem is that I would like very much for one of those webapps to be
visible as a (read-only) resource for a DAV client. I am nearly to the
point with my servlet code that the webapp behaves properly when the DAV
client connects directly over the HTTP/1.1 connector (by adding the
extra doXXX methods and appropriately overriding the service method to
dispatch to them), but haven't figured out how to get Apache to pretend
that the warp-connected app is DAV enabled.
Any Apache+Warp+Catalina config help that anyone can offer would be much
appreciated.
(I only ask because I haven't seen this anywhere as I RTFM.)
--
To unsubscribe: <ma...@jakarta.apache.org>
For additional commands: <ma...@jakarta.apache.org>
Troubles with the list: <ma...@jakarta.apache.org>
Re: SSL Detection (mod_jk, openssl, apache)
Posted by Scott Jones <sc...@on-sitemanager.com>.
I'm still trying to figure out a way to do this SSL encryption strength
detection... It seems that
request.getAttribute("javax.servlet.request.key_size")
is always null even when I've included the SSL configuration options for
mod_jk and my AJP 13 worker...
I've tried this both with Tomcat 3.3 and Tomcat 3.2.3 but keep on
getting the null value. The variables cipher_suite, and ssl_session are
not defined either...
If anybody has any suggestions as to how I might go about doing this,
I'd really appreciate it!
Thanks.
-Scott
On Mon, 2001-11-05 at 08:33, Scott Jones wrote:
> Hello,
>
> I'd like to restrict a certain area of our application to 128 bit
> encryption only, but I want to provide information and links for people
> if they don't have the required encryption strength.
>
> I'm using mod_jk-eapi and Tomcat 3.2.3 with AJP 13. I've included the
> SSL section into my http.conf (see below).
>
> Are there any variables available to my JSPs/servlets that can help me
> determine whether to send people to the 128 bit encryption required
> sections or not?
>
> I saw in an article about Tomcat 4 (thanks, google)
> [http://www.javaworld.com/javaworld/jw-01-2001/jw-0126-servletapi.html]
> that this information is available thanks to the 2.3 Servlet Specs like
> this: req.getAttribute("javax.servlet.request.key_size") Is there
> something similar for tomcat 3.x? OR, do I need to think about
> upgrading to Tomcat 4 sooner rather than later?
>
> Thanks for any suggestions anyone has!
>
> Cheers,
>
> -Scott
>
>
> ###################################################################
> # SSL configuration #
> #
> # By default mod_jk is configured to collect SSL information from
> # the apache environment and send it to the Tomcat workers. The
> # problem is that there are many SSL solutions for Apache and as
> # a result the environment variable names may change.
> #
> # The following (commented out) JK related SSL configureation
> # can be used to customize mod_jk's SSL behaviour.
> #
> # Should mod_jk send SSL information to Tomact (default is On)
> JkExtractSSL On
> #
> # What is the indicator for SSL (default is HTTPS)
> JkHTTPSIndicator HTTPS
> #
> # What is the indicator for SSL session (default is SSL_SESSION_ID)
> JkSESSIONIndicator SSL_SESSION_ID
> #
> # What is the indicator for client SSL cipher suit (default is
> SSL_CIPHER)
> JkCIPHERIndicator SSL_CIPHER
> #
> # What is the indicator for the client SSL certificated (default is
> SSL_CLIENT_\CERT)
> JkCERTSIndicator SSL_CLIENT_CERT
> #
> # #
> ###################################################################
>
>
>
> --
> To unsubscribe: <ma...@jakarta.apache.org>
> For additional commands: <ma...@jakarta.apache.org>
> Troubles with the list: <ma...@jakarta.apache.org>
--
To unsubscribe: <ma...@jakarta.apache.org>
For additional commands: <ma...@jakarta.apache.org>
Troubles with the list: <ma...@jakarta.apache.org>