From: "Craig R. McClanahan"
To: tomcat-dev@jakarta.apache.org
Date: Tue, 30 May 2000 13:52:11 -0700
Subject: Re: SSL in Tomcat 3.1 (and Catalina)
Message-ID: <393429FA.31F15AB6@eng.sun.com>

Warner Onstine wrote:

> Ok,
> So that I don't miss anything as I start to progress on this:
> 1. We want Tomcat (and Catalina) to support SSL with the following Crypto:
> (please tell me if I miss any with links for my research)
> a. TLS (http://www.puretls.org)
> b. RSA (many, but is there an open-source version?)
> c. IDEA (again, many, but is there an OS version?)
> d. DES, triple DES
> e. RC4, RC2
>

One approach that should definitely be provided is supporting crypto implementations that conform to the Java Secure Sockets Extension (JSSE) APIs, which let you plug in different implementations similar to what JAXP does for XML parsers. The reference implementation can be used for developing and testing.

>
> Q. Does anyone know or have a link to which browsers support which
> encryption techniques?
>
> Q. Do we want to make it 'pluggable' via web.xml or server.xml? (or another
> option I didn't even consider?)
>

Any such customization would need to go in server.xml -- the format of web.xml is fixed by the servlet spec. In both Tomcat 3.1 and Catalina, the connector is already a pluggable component with properties that can be discovered through reflection, so this should be pretty easy.

I don't know enough about SSL/TLS to know whether it is sufficient to build a single "SSLConnector" implementation with pluggable socket implementations underneath, or whether you need separate Connectors (from the Tomcat perspective) for each socket suite. The former would be preferable IMHO.

>
> I think that is about all of my questions for now, thanks guys!
>
> -warner
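
The single-connector option from the reply above, as an added example that is not code from the original message or from Tomcat or Catalina: one connector whose JSSE implementation is chosen by attributes set through reflection. The class name `PluggableSslConnector`, its `protocol` and `provider` properties and the `configure` helper are hypothetical, and Java 11 or later is assumed.

```java
import java.beans.Introspector;
import java.beans.PropertyDescriptor;
import java.util.Arrays;
import java.util.Map;
import java.util.stream.Stream;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocket;

// Hypothetical connector (not Tomcat's or Catalina's class): one connector,
// with the JSSE implementation selected by configuration attributes.
public class PluggableSslConnector {
    private String protocol = "TLS"; // SSLContext algorithm name
    private String provider;         // JSSE provider name; null = JVM default

    // Bean-style setters, so a config loader can find them by reflection.
    public void setProtocol(String protocol) { this.protocol = protocol; }
    public void setProvider(String provider) { this.provider = provider; }

    // Apply attributes (as a server.xml-style element might carry) by name.
    static void configure(Object bean, Map<String, String> attrs) throws Exception {
        for (PropertyDescriptor pd : Introspector.getBeanInfo(bean.getClass()).getPropertyDescriptors()) {
            String value = attrs.get(pd.getName());
            if (value != null && pd.getWriteMethod() != null && pd.getPropertyType() == String.class)
                pd.getWriteMethod().invoke(bean, value);
        }
    }

    public SSLServerSocket open(int port) throws Exception {
        // The provider is looked up by name at run time, so swapping JSSE
        // implementations needs no change to the connector.
        SSLContext ctx = (provider == null)
                ? SSLContext.getInstance(protocol) : SSLContext.getInstance(protocol, provider);
        // Defaults only: with no KeyManagers the socket opens but handshakes
        // fail; a deployment passes KeyManagers built from its keystore.
        ctx.init(null, null, null);
        SSLServerSocket socket = (SSLServerSocket) ctx.getServerSocketFactory().createServerSocket(port);
        // Enable only current protocol versions that this provider supports.
        socket.setEnabledProtocols(Stream.of("TLSv1.3", "TLSv1.2")
                .filter(Arrays.asList(socket.getSupportedProtocols())::contains).toArray(String[]::new));
        return socket;
    }
    public static void main(String[] args) throws Exception {
        PluggableSslConnector connector = new PluggableSslConnector();
        configure(connector, Map.of("protocol", "TLS")); // constructed sample attributes
        try (SSLServerSocket socket = connector.open(0)) { // port 0 = ephemeral
            System.out.println("enabled: " + Arrays.toString(socket.getEnabledProtocols()));
        }
    }
}
```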