tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Stefan Freyr Stefansson <>
Subject RE: Tomcat 3.2 SSL question
Date Wed, 06 Sep 2000 15:52:44 GMT
Thank you for this reply Costin and I'm sorry for the delay of replying to

The problem is that we don't use Apache + Tomcat.  The reason for this is
that we do not need a high performance http server and Apache would be much
too big to integrate into our project.  Therefore we are using Tomcat.

So I would like to get some info on HOW two way authentication in Tomcat is
done... can anybody point me in the right direction?

Thanks again in advance.

-----Original Message-----
From: Costin Manolache []
Sent: 30. agust 2000 16:30
Subject: Re: Tomcat 3.2 SSL question

> My first question is the obvious one.  When is Tomcat 3.2 final supposed
> come out?

To quote Jon:
When it's ready.

Few weeks ago I would have hoped for a faster release, but seeing the
amount of testing and detailing that's going on I would wait a bit more.
( documentations, script improvements, all kind of fixes, etc.). My feeling
is that's very close.

> start bugging you guys about it.  But... I would like to know if Tomcat
> SSL (once I get it up and running) supports two way authentication.  I
> the client to be able to verify that he/she is talking to the server
> believes he/she is talking to... (a lot of he/she's in there... anything
> be politically correct ;o) But I also need to be able to verify that the
> client is who he/she says he/she is (this is ridiculous).  For that I need
> two way authentication.

Probably it's he/she/it ( the browser is the client most of the time ).
I never tested this feature, but I saw few reports that it works.

If you use Tomcat + Apache then you can just use the Apache's
SSL for mutual authentication ( it should work faster too )

> One other thing is about the licencing.  Our plan is to integrate Tomcat
> into one of our own products.  The product is not a commercial product and
> very unlikely that anybody could benefit from using this thing except for
> company...  I would like to know if it is allright to use Tomcat in such a
> way?  Are there any limitations or fees???  We looked at the licence file
> that came with the Tomcat download and the way we understood that was that
> we could basically use it any which way we wanted given that we included
> some things in our manual and didn't change the headers of the source
> (you know... the thing whith all the copyright thingys and such).

AFAIK you can do anything you want except claim it's yours :-)
This is a frequent question - maybe we should add something on the
web page.


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message