Return-Path: Delivered-To: apmail-jakarta-tomcat-dev-archive@apache.org Received: (qmail 50490 invoked from network); 4 Jun 2003 12:14:29 -0000 Received: from exchange.sun.com (192.18.33.10) by daedalus.apache.org with SMTP; 4 Jun 2003 12:14:29 -0000 Received: (qmail 5093 invoked by uid 97); 4 Jun 2003 12:16:43 -0000 Delivered-To: qmlist-jakarta-archive-tomcat-dev@nagoya.betaversion.org Received: (qmail 5086 invoked from network); 4 Jun 2003 12:16:43 -0000 Received: from daedalus.apache.org (HELO apache.org) (208.185.179.12) by nagoya.betaversion.org with SMTP; 4 Jun 2003 12:16:43 -0000 Received: (qmail 48099 invoked by uid 500); 4 Jun 2003 12:13:56 -0000 Mailing-List: contact tomcat-dev-help@jakarta.apache.org; run by ezmlm Precedence: bulk List-Unsubscribe: List-Subscribe: List-Help: List-Post: List-Id: "Tomcat Developers List" Reply-To: "Tomcat Developers List" Delivered-To: mailing list tomcat-dev@jakarta.apache.org Received: (qmail 48043 invoked from network); 4 Jun 2003 12:13:56 -0000 Received: from exchange.sun.com (192.18.33.10) by daedalus.apache.org with SMTP; 4 Jun 2003 12:13:56 -0000 Received: (qmail 5057 invoked by uid 50); 4 Jun 2003 12:16:09 -0000 Date: 4 Jun 2003 12:16:09 -0000 Message-ID: <20030604121609.5056.qmail@nagoya.betaversion.org> From: bugzilla@apache.org To: tomcat-dev@jakarta.apache.org Cc: Subject: DO NOT REPLY [Bug 20473] - ajp13 connection between apache and tomcat is not encrypted X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT . ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=20473 ajp13 connection between apache and tomcat is not encrypted hgomez@apache.org changed: What |Removed |Added ---------------------------------------------------------------------------- Status|REOPENED |RESOLVED Resolution| |INVALID ------- Additional Comments From hgomez@apache.org 2003-06-04 12:16 ------- Using a ssh tunnel consume less resource SINCE you do crypto with native code on both side, whereas in you're solution, we're doing crypto on Apache (native) and Tomcat (java). In many configuration, Apache and Tomcat are on the same box, so the packet are local and when tomcats are remotes, which is the case for large deployment, the security SHOULD BE HANDLED for each configuration/requirement. I found a little crasy to see HTTP SSL requests, decryped by Apache, then reencrypted by Apache for Tomcat (in ajp13) and then redecrypted by Tomcat. Also you shoudn't use bugzilla for such reports. It's not an error but a missing feature so the request should be sent on tomcat-dev where developpers could respond to you. --------------------------------------------------------------------- To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org