tomcat-dev mailing list archives

From Gomez Henri <hgo...@slib.fr>
Subject RE: Tomcat 3.2 SSL question
Date Wed, 06 Sep 2000 19:29:11 GMT
SSL process (crypto) is a CPU task and many of us have
already set up apache + ssl (apache-ssl, apache-mod_ssl ...)

There are at least two situations:

1) The server must be authenticated by the browser but not the client

2) The server and the client must be authenticated (strong) via a client
   certificate imported in the browser.

Apache with, at least, mod_ssl does the job perfectly and you could
build a totally open source solution with tools like:

OpenSSL, OpenCA, mod_ssl.

But what we don't have for now is servlet example code which
shows us how to get SSL vars like client Common Name (CN),
organization (O) and so on.

These examples are when using the AJP13 connector (thanks to mod_jk).

If someone could provide this kind of example code (and why not
put it in examples), it will be a good starting point to do webapps
which rely on the front webserver for the not so basic authentication,
resiliation tasks.

With this, we can also have a slightly faster tomcat system (we
could be sure that Apache will stay faster to handle http/https
for some years).

Also tomcat starts up much more quickly (you could make the experiment
with a tomcat using AJP12/AJP13 and http/https connectors
and then removing the http/https connectors).

In fine, do we want tomcat to be the fastest servlet engine or to
be the UNIVERSAL MULTI-PURPOSE WEB/SERVLET/XXXX ENGINE?

There is already the good old Apache for HTTP/HTTPS tasks and
there are hundreds of years of development behind it. And how many
sites are well tuned with it (I think of magic stuff like php3/4, the
evil/angel mod_rewrite (thk Ralf), mod_ssl (Rethk Ralf)).

See you.

PS: Who handles mod_jk now? I've got problems with AJP13/mod_jk and
RequestDispatcher.forward and no response for some time now.



-
Unix is like a 'hogan' -- no Gates, no Windows, and an Apache inside.
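
The kind of servlet the message asks for, as an added example that is not part of the original message or of Tomcat's own examples. It assumes the front web server has verified the client certificate and that the connector exposes the chain under the standard `javax.servlet.request.X509Certificate` request attribute; the names `ClientCertInfoServlet` and `subjectFields` are hypothetical.

```java
import java.io.IOException;
import java.security.cert.X509Certificate;
import java.util.LinkedHashMap;
import java.util.Map;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical example servlet: reports CN and O of the client certificate.
public class ClientCertInfoServlet extends HttpServlet {

    // Standard Servlet API attribute: the client chain, leaf certificate first.
    static final String CERT_ATTR = "javax.servlet.request.X509Certificate";

    // Parse the RFC 2253 subject DN with LdapName rather than splitting on ",",
    // so an escaped comma inside a value (O=Acme\, Inc.) is not read as a separator.
    static Map<String, String> subjectFields(String dn) throws InvalidNameException {
        Map<String, String> fields = new LinkedHashMap<>();
        // getRdns() lists the rightmost RDN first; put() lets the leftmost
        // (most specific) value win when a type such as CN appears twice.
        for (Rdn rdn : new LdapName(dn).getRdns()) {
            fields.put(rdn.getType().toUpperCase(), String.valueOf(rdn.getValue()));
        }
        return fields;
    }

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        X509Certificate[] chain = (X509Certificate[]) req.getAttribute(CERT_ATTR);
        if (chain == null || chain.length == 0) {
            // Situation 1 (server-only authentication), or the certificate was not forwarded.
            resp.sendError(HttpServletResponse.SC_FORBIDDEN, "Client certificate required");
            return;
        }
        Map<String, String> subject;
        try {
            subject = subjectFields(chain[0].getSubjectX500Principal().getName());
        } catch (InvalidNameException e) {
            resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "Unparseable subject DN");
            return;
        }
        resp.setContentType("text/plain");
        resp.getWriter().println("CN=" + subject.get("CN"));
        resp.getWriter().println("O=" + subject.get("O"));
    }
}
```

The servlet does no certificate validation of its own, so the attribute is only as trustworthy as the path it arrived on: the AJP port should accept connections from the front web server alone.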
