You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tomcat.apache.org by Daniel Seyffer <to...@seyffer.de> on 2001/11/09 23:48:05 UTC

Apache SSL + Tomcat question

Hi all,

Assuming that Apache and Tomcat (4.0.1 using mod_webapp) are running on a
single machine and Apache is correctly configured to provide content through
SSL/https.

If I'm now accesing a page like https://server/examples/ everything seems to
work just fine.

So just to be sure: is my assumption correct that all connections to the
server are now fully encrypted using https, and that just "localhost"
connections from the apache to tomcat through mod_webapp are unencrypted?
(which is probably not really sensitive, if both are located on a single
host and unless you do not assume someone is able to install a sniffer your
server...) So I don't have to care about configuring Tomcat itself for SSL,
right?

I've already been sniffing on the net for myself, but there is quite some
traffic, and well... just to be sure to hear some comments on this... :)

Greetings,
Daniel






--
To unsubscribe:   <ma...@jakarta.apache.org>
For additional commands: <ma...@jakarta.apache.org>
Troubles with the list: <ma...@jakarta.apache.org>