tomcat-dev mailing list archives

From "Craig R. McClanahan" <Craig.McClana...@eng.sun.com>
Subject Re: SSL in Tomcat 3.1 (and Catalina)
Date Tue, 30 May 2000 20:52:11 GMT
Warner Onstine wrote:

> Ok,
> So that I don't miss anything as I start to progress on this:
> 1. We want Tomcat (and Catalina) to support SSL with the following Crypto:
> (please tell me if I miss any with links for my research)
>     a. TLS (http://www.puretls.org)
>     b. RSA (many, but is there an open-source version?)
>     c. IDEA (again, many, but is there an OS version?)
>     d. DES, triple DES
>     e. RC4, RC2
>

One approach that should definitely be provided is supporting crypto
implementations that conform to the Java Secure Sockets Extension (JSSE) APIs,
which let you plug in different implementations similar to what JAXP does for
XML parsers.  The reference implementation can be used for developing and
testing.  <http://java.sun.com/products/jsse>.

>
> Q. Does anyone know or have a link to which browsers support which
> encryption techniques?
>
> Q. Do we want to make it 'pluggable' via web.xml or server.xml? (or another
> option I didn't even consider?)
>

Any such customization would need to go in server.xml -- the format of web.xml
is fixed by the servlet spec.

In both Tomcat 3.1 and Catalina, the connector is already a pluggable component
with properties that can be discovered through reflection, so this should be
pretty easy.  I don't know enough about SSL/TLS to know whether it is
sufficient to build a single "SSLConnector" implementation with pluggable
socket implementations underneath, or whether you need separate Connectors
(from the Tomcat perspective) for each socket suite.  The former would be
preferable IMHO.



>
> I think that is about all of my questions for now, thanks guys!
>
> -warner
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org
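
The single-connector design discussed in the reply, sketched as an added example (not part of the original message and not Tomcat or Catalina code). `PluggableConnector`, `forFactoryClass` and the `TLSv1.2` policy are assumptions for illustration; only the `javax.net` and `javax.net.ssl` calls are real JSSE API, and a current JDK is assumed.

```java
import java.io.IOException;
import java.net.ServerSocket;
import javax.net.ServerSocketFactory;
import javax.net.ssl.SSLServerSocket;

// Hypothetical connector (not a Tomcat or Catalina class): the socket factory is the
// only pluggable part, so one connector serves both plain and SSL/TLS listeners.
public class PluggableConnector {
    private final ServerSocketFactory factory;
    private final String[] protocols; // null keeps the provider's defaults

    public PluggableConnector(ServerSocketFactory factory, String[] protocols) {
        this.factory = factory;
        this.protocols = protocols;
    }

    // Resolve the factory from a class name, as a server.xml attribute could supply it.
    // Both javax.net.ServerSocketFactory and javax.net.ssl.SSLServerSocketFactory
    // expose a static getDefault() that returns a ServerSocketFactory.
    public static PluggableConnector forFactoryClass(String className, String[] protocols)
            throws ReflectiveOperationException {
        Object f = Class.forName(className).getMethod("getDefault").invoke(null);
        return new PluggableConnector((ServerSocketFactory) f, protocols);
    }

    public ServerSocket open(int port) throws IOException {
        ServerSocket socket = factory.createServerSocket(port);
        // Restrict protocol versions only when the plugged-in factory produced a JSSE socket.
        if (socket instanceof SSLServerSocket && protocols != null) {
            ((SSLServerSocket) socket).setEnabledProtocols(protocols);
        }
        return socket;
    }

    public static void main(String[] args) throws Exception {
        String[] tls = {"TLSv1.2"}; // assumed policy for this example
        String[] names = {"javax.net.ServerSocketFactory", "javax.net.ssl.SSLServerSocketFactory"};
        for (String name : names) {
            // Port 0 asks the OS for any free port.
            try (ServerSocket s = forFactoryClass(name, tls).open(0)) {
                boolean secure = s instanceof SSLServerSocket;
                System.out.println(name + " -> port " + s.getLocalPort() + ", ssl=" + secure);
                if (secure) {
                    System.out.println("  protocols: "
                        + String.join(",", ((SSLServerSocket) s).getEnabledProtocols()));
                }
            }
        }
    }
}
```

The SSL listener opens without a key store, but handshakes will fail until one is supplied, for example through the `javax.net.ssl.keyStore` and `javax.net.ssl.keyStorePassword` system properties. Because the factory class name is loaded reflectively, it should come only from server configuration the administrator controls.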

