tomcat-dev mailing list archives

From "Md. Jahid Shohel" <jsho...@gmail.com>
Subject Re: Tomcat SSL handshaking
Date Sat, 08 Dec 2007 09:56:11 GMT
Hi,

First of all Filip and Bill, thanks a lot for such a good suggestion.
Though I still didn't implement it, I will give it a try according to
what you said.

One more question: can you tell me, when the first user makes an SSL
request (I mean by http://www.mysite.com), which part of the code
sends the server's certificate to the client?

Also, how can I protect it, so that Tomcat doesn't go to any Certificate
Authority (CA) to clarify the client's certificate?

Getting control of the whole handshaking is the perfect solution for me.
And also seeing how Tomcat does that handshaking (I mean from a to z of
Tomcat's handshaking, from the client's sending "hello" to, finally, session
key generation) will be a good help to know how to hook in my own
handshaking.



If you have any suggestion, please let me know.


Regards,

Jahid

On Dec 7, 2007 8:39 PM, Bill Barker <wbarker@wilshire.com> wrote:
>
>
> > -----Original Message-----
> > From: Filip Hanik - Dev Lists [mailto:devlists@hanik.com]
> > Sent: Friday, December 07, 2007 10:46 AM
> > To: Tomcat Developers List
> > Subject: Re: Tomcat SSL handshaking
> >
> > really only one way of doing it.
> > In the BIO connector
> > protocol="org.apache.coyote.http11.Http11Protocol", the handshake
> > happens inside the blocking streams (at the JSSE layer), so I don't
> > think you can control it here.
>
> Actually, you can specify your own SSLImplementation class here, and do
> anything you like with the SSL protocol.  JSSE is just what you get when it
> can't find anything else.
>
>
> > In the APR connector
> > protocol="org.apache.coyote.http11.Http11AprProtocol", the handshake
> > happens inside the openssl layer, so you can't do it there
> >
> > In the NIO connector
> > protocol="org.apache.coyote.http11.Http11NioProtocol", the handshake
> > happens inside the SSLEngine, but you could swap that out, since this is
> > the only connector that actually gets hold of the bytes that get sent
> > over the network. The code for this would be
> > org/apache/tomcat/util/net/SecureNioChannel.java, look at the handshake
> > method
> >
> > http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/tomcat/util/net/SecureNioChannel.java?view=markup
> >
> > Filip
> >
> > Md. Jahid Shohel wrote:
> > > Hi,
> > >
> > > I am really sorry to be mailing here with such a question. I am mailing
> > > here because I didn't get any help from other places. My question is
> > > ---
> > >
> > >
> > > How can I take control of the SSL handshaking from Tomcat, so that I
> > > can do the handshaking process by myself?
> > >
> > > Regards.
> > >
> > >
> > > Jahid
> > >
> > >
> > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
> > > For additional commands, e-mail: dev-help@tomcat.apache.org

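As an added illustration (not part of the thread and not Tomcat's code): with an SSLEngine, which the NIO connector uses, the application itself holds the handshake bytes before they reach the network. This Java sketch wraps the first client flight in memory and reads the TLS record header; the class name `HandshakeBytesDemo` and the host `example.test` are assumptions made for the example.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLEngineResult;
import java.nio.ByteBuffer;

// Added illustration, not Tomcat code: the class name and the host
// "example.test" are made up for this sketch.
public class HandshakeBytesDemo {

    // Drives the client side one step: wrap() emits the first handshake flight
    // into a buffer the caller owns, instead of writing it to a socket.
    static ByteBuffer firstFlight(SSLEngine engine) throws Exception {
        engine.setUseClientMode(true);
        ByteBuffer appOut = ByteBuffer.allocate(0); // no application data yet
        ByteBuffer netOut = ByteBuffer.allocate(engine.getSession().getPacketBufferSize());
        engine.beginHandshake();
        SSLEngineResult r = engine.wrap(appOut, netOut);
        if (r.getStatus() != SSLEngineResult.Status.OK) {
            throw new IllegalStateException("wrap failed: " + r.getStatus());
        }
        netOut.flip();
        return netOut;
    }

    public static void main(String[] args) throws Exception {
        SSLEngine engine = SSLContext.getDefault().createSSLEngine("example.test", 443);
        ByteBuffer net = firstFlight(engine);

        // TLS record header: type(1) version(2) length(2), then handshake type(1).
        int recordType = net.get(0) & 0xff;
        int recordLen = ((net.get(3) & 0xff) << 8) | (net.get(4) & 0xff);
        int handshakeType = net.get(5) & 0xff;
        System.out.printf("record type=%d (22=handshake) len=%d msg type=%d (1=ClientHello)%n",
                recordType, recordLen, handshakeType);

        // The engine now waits for the peer's reply (ServerHello, Certificate, ...).
        // A real channel would write 'net' to the socket, read the answer and
        // pass it to unwrap(), looping on the handshake status until it finishes.
        System.out.println("after wrap: " + engine.getHandshakeStatus());
    }
}
```

The server side runs the same wrap/unwrap loop in server mode, and its certificate leaves the engine as ordinary bytes from `wrap()` in the flight that answers the ClientHello.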