You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Sam Newman <sa...@btinternet.com> on 2001/04/23 19:08:41 UTC

Re: SSL detection

I'm not sure if this is different on winNT, as I did it on Linux, and so
these instructions are really for that. All the packages mentioned here i
think also come with win32 instructions. First, get Apache using mod_ssl.
Easiest way to do this is to download openssl 0.9.6a (www.openssl.org), the
latest apache source (www.apache.org) and the mod_ssl source (search
google - can't remember the url - maybe www.modssl.org  ) The mod_ssl
install file then explains how to build all 3 packages and get them running.
Then get Apache serving .jsp and servlets via tomcat using the ajpv13
protocol (look at the Apache-Tomcat howto in the docs). The older ajpv12
protocol has some issues with SSL. The servlets and jsps should work equally
well under https or http, with the exception (perhaps) of URL rewritting
when the client has cookies disabled (search the archive for recent posts
for more info).

As I said, this worked for me on Linux, more specifically under SuSE 7.0.

sam
----- Original Message -----
From: "subbu" <su...@ibc.co.in>
To: <to...@jakarta.apache.org>
Sent: Tuesday, April 24, 2001 3:27 AM
Subject: Re: SSL detection


> Hello SAM could U please tell me How to configure apache to support SSL
> (winnt)
> with love
> subbu.
> ----- Original Message -----
> From: "Sam Newman" <sa...@btinternet.com>
> To: <to...@jakarta.apache.org>
> Sent: Monday, April 23, 2001 3:59 AM
> Subject: SSL detection
>
>
> > I have Apache and Tomcat running together under SSL. I now want to
create
> a
> > page which only run under SSL. I want http and https to share the same
> > documents however. My first idea is to simply have a tag handler, which
> > detects the protocol, and if not SSL is simply redirects to a page
> explaning
> > why they cannot view the requested document.
> > By problem is that I'm not sure on the correct way to retrieve what type
> of
> > protocol is being used. There is a getAuthType method in
> HttpServletRequest,
> > but the return type is simply a string (e.g. "BASIC" or "SSL"). My
concern
> > is that this return could vary from browser to browser. Can I assume
that
> if
> > using SSL the return will always be the string "SSL"? Also, how can I
> detect
> > which level of encryption is being used? Ideally, I'd like to restrict
> users
> > to connecting using 128bit only, or at least issue a warning when its at
> > 40bit.
> >
> > Thanks in advance,
> >
> > Sam
>
>