You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tomcat.apache.org by Scott Jones <sc...@on-sitemanager.com> on 2001/11/05 17:33:54 UTC

SSL Detection (mod_jk, openssl, apache)

Hello,

I'd like to restrict a certain area of our application to 128 bit
encryption only, but I want to provide information and links for people
if they don't have the required encryption strength.  

I'm using mod_jk-eapi and Tomcat 3.2.3 with AJP 13.  I've included the
SSL section into my http.conf (see below).

Are there any variables available to my JSPs/servlets that can help me
determine whether to send people to the 128 bit encryption required
sections or not?

I saw in an article about Tomcat 4 (thanks, google)
[http://www.javaworld.com/javaworld/jw-01-2001/jw-0126-servletapi.html]
that this information is available thanks to the 2.3 Servlet Specs like
this:  req.getAttribute("javax.servlet.request.key_size")  Is there
something similar for tomcat 3.x?  OR, do I need to think about
upgrading to Tomcat 4 sooner rather than later?

Thanks for any suggestions anyone has!

Cheers,

-Scott


###################################################################
#                     SSL configuration                           #
#
# By default mod_jk is configured to collect SSL information from
# the apache environment and send it to the Tomcat workers. The
# problem is that there are many SSL solutions for Apache and as
# a result the environment variable names may change.
#
# The following (commented out) JK related SSL configureation
# can be used to customize mod_jk's SSL behaviour.
#
# Should mod_jk send SSL information to Tomact (default is On)
 JkExtractSSL On
#
# What is the indicator for SSL (default is HTTPS)
 JkHTTPSIndicator HTTPS
#
# What is the indicator for SSL session (default is SSL_SESSION_ID)
 JkSESSIONIndicator SSL_SESSION_ID
#
# What is the indicator for client SSL cipher suit (default is
SSL_CIPHER)
 JkCIPHERIndicator SSL_CIPHER
#
# What is the indicator for the client SSL certificated (default is
SSL_CLIENT_\CERT)
 JkCERTSIndicator SSL_CLIENT_CERT
#
#                                                                 #
###################################################################



--
To unsubscribe:   <ma...@jakarta.apache.org>
For additional commands: <ma...@jakarta.apache.org>
Troubles with the list: <ma...@jakarta.apache.org>

Re: Help with Tomcat/Apache/mod_dav

Posted by William Hovingh <wh...@whis.net>.

Earlier, I wrote:
> 
> I am running Apache 1.3.20+mod_dav+mod_webapp, with DAV enabled on the
> entire document tree and several resources being served by Catalina
> through the warp/mod_webapp connector.
> 
> My problem is that I would like very much for one of those webapps to be
> visible as a (read-only) resource for a DAV client.

I have tracked down my issue to this: What is the mod_webapp
configuration incantation I need to employ to get Apache to pass a
request (of arbitrary method) on to Tomcat if it comes in as, say, 
OPTIONS /webappname HTTP/1.1

What I *want* is for this to get the same response as this does:
OPTIONS /webappname/ HTTP/1.1

(where, of course, my webapp has something running at the URL mapping
"/" that returns an appropriate Allow: header).

PLEASE PLEASE PLEASE if anyone knows the magic I need to perform here,
let me know.  I am DESPERATE and under GROSS TIME PRESSURE.  (And I
promise to summarize how I've done all this once I get it working, since
it's been a good learning experience for me already.)

--
To unsubscribe:   <ma...@jakarta.apache.org>
For additional commands: <ma...@jakarta.apache.org>
Troubles with the list: <ma...@jakarta.apache.org>

Help with Tomcat/Apache/mod_dav

Posted by William Hovingh <wh...@whis.net>.

I am running Apache 1.3.20+mod_dav+mod_webapp, with DAV enabled on the 
entire document tree and several resources being served by Catalina 
through the warp/mod_webapp connector.

My problem is that I would like very much for one of those webapps to be 
visible as a (read-only) resource for a DAV client.  I am nearly to the 
point with my servlet code that the webapp behaves properly when the DAV 
client connects directly over the HTTP/1.1 connector (by adding the 
extra doXXX methods and appropriately overriding the service method to 
dispatch to them), but haven't figured out how to get Apache to pretend 
that the warp-connected app is DAV enabled.

Any Apache+Warp+Catalina config help that anyone can offer would be much 
appreciated.

(I only ask because I haven't seen this anywhere as I RTFM.)


--
To unsubscribe:   <ma...@jakarta.apache.org>
For additional commands: <ma...@jakarta.apache.org>
Troubles with the list: <ma...@jakarta.apache.org>

Re: SSL Detection (mod_jk, openssl, apache)

Posted by Scott Jones <sc...@on-sitemanager.com>.

I'm still trying to figure out a way to do this SSL encryption strength
detection...  It seems that 

	request.getAttribute("javax.servlet.request.key_size") 

is always null even when I've included the SSL configuration options for
mod_jk and my AJP 13 worker...  

I've tried this both with Tomcat 3.3 and Tomcat 3.2.3 but keep on
getting the null value.  The variables cipher_suite, and ssl_session are
not defined either...  

If anybody has any suggestions as to how I might go about doing this,
I'd really appreciate it!  

Thanks.

-Scott

On Mon, 2001-11-05 at 08:33, Scott Jones wrote:
> Hello,
> 
> I'd like to restrict a certain area of our application to 128 bit
> encryption only, but I want to provide information and links for people
> if they don't have the required encryption strength.  
> 
> I'm using mod_jk-eapi and Tomcat 3.2.3 with AJP 13.  I've included the
> SSL section into my http.conf (see below).
> 
> Are there any variables available to my JSPs/servlets that can help me
> determine whether to send people to the 128 bit encryption required
> sections or not?
> 
> I saw in an article about Tomcat 4 (thanks, google)
> [http://www.javaworld.com/javaworld/jw-01-2001/jw-0126-servletapi.html]
> that this information is available thanks to the 2.3 Servlet Specs like
> this:  req.getAttribute("javax.servlet.request.key_size")  Is there
> something similar for tomcat 3.x?  OR, do I need to think about
> upgrading to Tomcat 4 sooner rather than later?
> 
> Thanks for any suggestions anyone has!
> 
> Cheers,
> 
> -Scott
> 
> 
> ###################################################################
> #                     SSL configuration                           #
> #
> # By default mod_jk is configured to collect SSL information from
> # the apache environment and send it to the Tomcat workers. The
> # problem is that there are many SSL solutions for Apache and as
> # a result the environment variable names may change.
> #
> # The following (commented out) JK related SSL configureation
> # can be used to customize mod_jk's SSL behaviour.
> #
> # Should mod_jk send SSL information to Tomact (default is On)
>  JkExtractSSL On
> #
> # What is the indicator for SSL (default is HTTPS)
>  JkHTTPSIndicator HTTPS
> #
> # What is the indicator for SSL session (default is SSL_SESSION_ID)
>  JkSESSIONIndicator SSL_SESSION_ID
> #
> # What is the indicator for client SSL cipher suit (default is
> SSL_CIPHER)
>  JkCIPHERIndicator SSL_CIPHER
> #
> # What is the indicator for the client SSL certificated (default is
> SSL_CLIENT_\CERT)
>  JkCERTSIndicator SSL_CLIENT_CERT
> #
> #                                                                 #
> ###################################################################
> 
> 
> 
> --
> To unsubscribe:   <ma...@jakarta.apache.org>
> For additional commands: <ma...@jakarta.apache.org>
> Troubles with the list: <ma...@jakarta.apache.org>



--
To unsubscribe:   <ma...@jakarta.apache.org>
For additional commands: <ma...@jakarta.apache.org>
Troubles with the list: <ma...@jakarta.apache.org>