tomcat-dev mailing list archives

From Arieh Markel <Arieh.Mar...@Central.Sun.COM>
Subject Re: SSL in Tomcat 3.1 (and Catalina)
Date Tue, 30 May 2000 20:56:54 GMT

> From: "Craig R. McClanahan" <Craig.McClanahan@eng.sun.com>
> To: tomcat-dev@jakarta.apache.org
> Subject: Re: SSL in Tomcat 3.1 (and Catalina)
> 
> Warner Onstine wrote:
> 
> > Ok,
> > So that I don't miss anything as I start to progress on this:
> > 1. We want Tomcat (and Catalina) to support SSL with the following Crypto:
> > (please tell me if I miss any with links for my research)
> >     a. TLS (http://www.puretls.org)
> >     b. RSA (many, but is there an open-source version?)
> >     c. IDEA (again, many, but is there an OS version?)
> >     d. DES, triple DES
> >     e. RC4, RC2
> >
> 
> One approach that should definitely be provided is supporting crypto
> implementations that conform to the Java Secure Sockets Extension (JSSE) APIs,
> which let you plug in different implementations similar to what JAXP does for
> XML parsers.  The reference implementation can be used for developing and
> testing.  <http://java.sun.com/products/jsse>.


And on a follow-on note, the cryptographic extensions supported should
conform to the JCE <http://java.sun.com/products/jce>. That should cover
support for any JCE conformant implementation.

Arieh

> 
> >
> > Q. Does anyone know or have a link to which browsers support which
> > encryption techniques?
> >
> > Q. Do we want to make it 'pluggable' via web.xml or server.xml? (or another
> > option I didn't even consider?)
> >
> 
> Any such customization would need to go in server.xml -- the format of web.xml
> is fixed by the servlet spec.
> 
> In both Tomcat 3.1 and Catalina, the connector is already a pluggable component
> with properties that can be discovered through reflection, so this should be
> pretty easy.  I don't know enough about SSL/TLS to know whether it is
> sufficient to build a single "SSLConnector" implementation with pluggable
> socket implementations underneath, or whether you need separate Connectors
> (from the Tomcat perspective) for each socket suite.  The former would be
> preferable IMHO.
> 
> 
> 
> >
> > I think that is about all of my questions for now, thanks guys!
> >
> > -warner
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
> > For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org
> 
> 

--
 Arieh Markel		                Sun Microsystems Inc.
 Network Storage                        500 Eldorado Blvd. MS UBRM11-194
 e-mail: arieh.markel@sun.COM           Broomfield, CO 80021
 Let's go Panthers !!!!                 Phone: (303) 272-8547 x78547
 (e-mail me with subject SEND PUBLIC KEY to get public key)
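
The "single connector, pluggable socket implementation" design discussed in this thread, as an added example that is not part of the original messages and is not Tomcat or Catalina code. It uses the `javax.net.ssl` JSSE API as it ships in the JDK today; the class name, the `protocol` and `provider` parameters (standing in for server.xml connector properties), the keystore path argument and the `KEYSTORE_PASSWORD` environment variable are all assumptions made for illustration.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.net.ServerSocket;
import java.security.KeyStore;
import java.util.Objects;
import javax.net.ServerSocketFactory;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocket;

// Hypothetical connector for illustration; not a Tomcat or Catalina class.
public class PluggableSslConnector {
    // The connector only sees the factory abstraction, never a concrete SSL library.
    private final ServerSocketFactory factory;

    public PluggableSslConnector(ServerSocketFactory factory) {
        this.factory = factory;
    }

    // protocol and provider stand in for properties that would be set in server.xml.
    // provider == null lets JSSE pick the highest-priority installed implementation.
    public static ServerSocketFactory jsseFactory(String protocol, String provider,
            String keystorePath, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(keystorePath)) {
            ks.load(in, password);
        }
        KeyManagerFactory kmf =
                KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, password);
        SSLContext ctx = (provider == null)
                ? SSLContext.getInstance(protocol)
                : SSLContext.getInstance(protocol, provider);
        ctx.init(kmf.getKeyManagers(), null, null); // default trust managers and RNG
        return ctx.getServerSocketFactory();
    }

    public ServerSocket open(int port) throws Exception {
        return factory.createServerSocket(port);
    }

    // Usage: KEYSTORE_PASSWORD=... java PluggableSslConnector <keystore> [provider]
    public static void main(String[] args) throws Exception {
        char[] pw = Objects.requireNonNull(System.getenv("KEYSTORE_PASSWORD"),
                "set KEYSTORE_PASSWORD").toCharArray();
        String provider = args.length > 1 ? args[1] : null;
        ServerSocketFactory f = jsseFactory("TLS", provider, args[0], pw);
        try (ServerSocket s = new PluggableSslConnector(f).open(0)) { // 0 = any free port
            System.out.println("listening on " + s.getLocalPort() + ", protocols "
                    + String.join(",", ((SSLServerSocket) s).getEnabledProtocols()));
        }
    }
}
```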

