You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by Gernot Lepuschitz <gl...@hyperwave.com> on 2002/08/22 14:59:02 UTC
AJP13,Tomcat404 and SSL
As i mentioned last time, i´m writing an AJP Client for our
server. Now that ajp13 supports ssl, I want to implement it, too. But
I don´t really understant how this will work.
I first thought about an Inet-socket-ssl connection to Tomcat where
the whole AJP Request will be ssl encrypted. But then I remembered the
isssl flag within the AJP Protocol, so I thought, that maybe only the
http headers are ssl encrypted (somekind of tunneling the http headers
from the browser to Tomcat without decryption between). But that won´t
work because I have to encode the Strings of the http headers
(key,value).
So, could you tell me how it works?
Many thanks,
Gernot
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
Re: AJP13,Tomcat404 and SSL
Posted by Henri Gomez <hg...@apache.org>.
Quoting Gernot Lepuschitz <gl...@hyperwave.com>:
> As i mentioned last time, i´m writing an AJP Client for our
> server. Now that ajp13 supports ssl, I want to implement it, too. But
> I don´t really understant how this will work.
ajp13 supports SSL ATTRIBUTES, but don't make use of SSL, so it's not a secure
protocol. I proposed sometimes ago to add in ajp14 (or ajp13++) some sort of
crypto but it was not selected because it will add delay and sus slow the
througput between Apache and Tomcat. Better to use a SSH tunnel between your
AJP13 client and server (it's native code and fast).
> I first thought about an Inet-socket-ssl connection to Tomcat where
> the whole AJP Request will be ssl encrypted. But then I remembered the
> isssl flag within the AJP Protocol, so I thought, that maybe only the
> http headers are ssl encrypted (somekind of tunneling the http headers
> from the browser to Tomcat without decryption between). But that won´t
> work because I have to encode the Strings of the http headers
> (key,value).
isssl only indicate that the request came from a SSL connection.
Regards
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>