tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Eric Rescorla <>
Subject Re: Submission: Portable SSL Support
Date Fri, 07 Dec 2001 14:59:24 GMT
"Bill Barker" <> writes:
> It compiles with or without JSSE, and runs fine without an SSL connector.
> However, I haven't actually gotten around to doing the whole keystore thing
> here, so the (big) one thing I haven't tried (yet) is to run it with an
> JSSE-SSL connection.
I just did a CVS update and checked it against PureTLS. It runs fine.

> The other thing that would be nice is to be able to access the SessionId,
> (via request.getAttribute("javax.servlet.request.ssl_session")).  There is
> already optional support to validate HttpSession access against this for SSL
> sessions in 3.3.x.  Currently it is only supported if you are connecting via
> Apache, but stand-alone (at least for PureTLS) would also be a nice feature.
That's certainly easy to add. I just didn't know what attribute string
to use since I didn't see it in the Servlet 2.3 spec. Which spec
is this string defined in?


[Eric Rescorla                         ]

To unsubscribe, e-mail:   <>
For additional commands, e-mail: <>

View raw message