tomcat-dev mailing list archives

From Jean-frederic Clere <jfcl...@gmail.com>
Subject Re: SSL Connectors - config proposal
Date Tue, 17 Oct 2006 20:12:01 GMT

Filip Hanik - Dev Lists wrote:

> gents and ladies,
>
> currently we are doing SSL a little bit differently between APR and 
> the Java connectors.
> The APR connector requires an attribute sslEngine="On" to kick in.
>
> I believe this attribute to be useful for two reasons:
>
> 1. Config should be as consistent as possible.
>
> 2. If I use an SSL network card, or Apache doing SSL etc, I would like to
> trick Tomcat into thinking it is running in SSL
> for example:
>
> Apache Port 80 -> mod_proxy(http) -> Tomcat 8080
> <Connector protocol="HTTP/1.1" port="8080"/>
> Apache Port 443 -> mod_proxy(http) -> Tomcat 8081
> <Connector protocol="HTTP/1.1" port="8081" secure="true" scheme="https" sslEngine="off"/>
>
> This example here is with Apache, but if you use any kind of SSL 
> accelerator, be it a network card or an appliance,
> there is a risk of getting stuck in a redirect loop when using 
> <transport-guarantee>CONFIDENTIAL</transport-guarantee>
> in web.xml
>
> Currently, you have to work around it using Valves or filters, but it 
> can get a little messy.
>
> Useful?

What would you propose if we use HTTP/AJP + SSL between Apache httpd and TC?
BTW: In TC 5.x the secure="true" or secure="false" does not behave as in 
the documentation (See PR 40766).

Cheers

Jean-Frederic

>
> Filip
>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: dev-help@tomcat.apache.org
>
>
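
The redirect loop described in the quoted message, as an added example that is not part of the original thread and is not Tomcat code: a simplified Python model of a container enforcing `<transport-guarantee>CONFIDENTIAL</transport-guarantee>` behind a TLS terminator. The names `Connector`, `container_response`, `front_end`, `fetch` and the host `site.example` are constructed for illustration, and only the `secure` flag of the connector is modelled.

```python
from dataclasses import dataclass
from urllib.parse import urlsplit


@dataclass
class Connector:
    port: int
    secure: bool = False  # what the container reports from request.isSecure()


def container_response(conn, path):
    """CONFIDENTIAL check: serve only if the connector reports the request as secure."""
    if conn.secure:
        return 200, None
    # Not secure: redirect the client to the HTTPS URL (constructed host name).
    return 302, "https://site.example" + path


def front_end(url, http_backend, https_backend):
    """TLS terminator: both public ports forward plain HTTP to a backend connector."""
    return https_backend if urlsplit(url).scheme == "https" else http_backend


def fetch(url, http_backend, https_backend, max_redirects=5):
    """Follow redirects like a browser; return (final_status, redirects_followed)."""
    for hop in range(max_redirects + 1):
        conn = front_end(url, http_backend, https_backend)
        status, location = container_response(conn, urlsplit(url).path or "/")
        if status != 302:
            return status, hop
        url = location
    return "redirect loop", max_redirects + 1


if __name__ == "__main__":
    start = "http://site.example/account"
    # Backend for port 443 traffic is a plain connector: it never looks secure.
    print(fetch(start, Connector(8080), Connector(8081)))
    # Backend for port 443 traffic is flagged secure, as in the quoted proposal.
    print(fetch(start, Connector(8080), Connector(8081, secure=True)))
```

Because a connector flagged `secure="true"` reports every request it receives as secure, the flagged port should be reachable only from the TLS terminator.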

