You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Liz Donaldson <ed...@rochester.rr.com> on 2005/06/05 16:41:26 UTC
ssl traffic between apache and tomcat via mod_jk
Hi,
I have a apache https enabled webserver and tomcat server an and am
using the mod_jk connection module. From all the documentation I have
read, it indicates that apache handles all the SSL negotiations and that
the traffic between apache and tomcat is clear text. How can I enable
communications between apache and tomcat to be encrpypted.
Thank You in advance,
Liz
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
Re: ssl traffic between apache and tomcat via mod_jk
Posted by Liz Donaldson <ed...@rochester.rr.com>.
Thanks for quick reply!! Yes my tomcat server is behind the firewall,
but corporate security guidelines also is demanding that the
communications between apache and tomcat be ssl encrypted. I am going to
check out stunnel.org.
Thanks!
Michael Echerer wrote:
>Liz Donaldson wrote:
>
>
>>Hi,
>>
>>I have a apache https enabled webserver and tomcat server an and am
>>using the mod_jk connection module. From all the documentation I have
>>read, it indicates that apache handles all the SSL negotiations and that
>>the traffic between apache and tomcat is clear text. How can I enable
>>
>>
>Well in fact the traffic uses ajp13, a protocol which is not really
>"clear text". It's a binary format for optimization reasons.
>Nevertheless it's of course not crypted (if you know the protocol), but
>it might suffice for "minor" security demands as you cannot simply read
>it using sniffer tools.
>
>
>>communications between apache and tomcat to be encrpypted.
>>
>>
>For mod_jk and Tomcat I doubt you can encrypt it. I never
>heard/read/seen anything in the docu, too.
>You could maybe try things with an ssl tunnel like stunnel.org, but
>that's just a guess...
>
>BTW: Why is the communication between Apache and Tomcat an issue at all?
>Usually/Hopefully you're already in a "secure" environment with your
>Apache behind a firewall etc.
>
>Cheers,
>Michael
>
>
>>Thank You in advance,
>>Liz
>>
>>
>>---------------------------------------------------------------------
>>To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
>>For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>>
>>
>>
>>
>
>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
>For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
>
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
Re: ssl traffic between apache and tomcat via mod_jk
Posted by Michael Echerer <me...@tngtech.com>.
Liz Donaldson wrote:
> Hi,
>
> I have a apache https enabled webserver and tomcat server an and am
> using the mod_jk connection module. From all the documentation I have
> read, it indicates that apache handles all the SSL negotiations and that
> the traffic between apache and tomcat is clear text. How can I enable
Well in fact the traffic uses ajp13, a protocol which is not really
"clear text". It's a binary format for optimization reasons.
Nevertheless it's of course not crypted (if you know the protocol), but
it might suffice for "minor" security demands as you cannot simply read
it using sniffer tools.
> communications between apache and tomcat to be encrpypted.
For mod_jk and Tomcat I doubt you can encrypt it. I never
heard/read/seen anything in the docu, too.
You could maybe try things with an ssl tunnel like stunnel.org, but
that's just a guess...
BTW: Why is the communication between Apache and Tomcat an issue at all?
Usually/Hopefully you're already in a "secure" environment with your
Apache behind a firewall etc.
Cheers,
Michael
>
> Thank You in advance,
> Liz
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org