tomcat-dev mailing list archives

From "Bill Barker" <wbar...@wilshire.com>
Subject Re: Tomcat SSL handshaking
Date Sun, 09 Dec 2007 01:57:48 GMT

"Md. Jahid Shohel" <jshohel@gmail.com> wrote in message 
news:a32d28300712080230m90392d6ia8819124956b98b5@mail.gmail.com...
> Hi,
> (Sorry for resending the same message. There were some typos. I am
> really sorry for resending)
>
>
> First of all Filip and Bill, thanks a lot for such a good suggestion.
> Though I still haven't implemented it, I will give it a try according
> to what you said.
>
> One more question: when the first user makes an SSL request (I mean
> via https://www.mysite.com), can you tell me which part of the code
> sends the server's certificate to the client?
>

Well, the first place to look is org.apache.tomcat.net.SSL* (at least for 
the BIO Connector).  However, Tomcat doesn't understand SSL/TLS.  It relies 
on finding an SSLImplementation that does understand it, and delegates to 
it.  The two that ship with Tomcat are in org.apache.tomcat.net.jsse and 
org.apache.tomcat.net.puretls.

If all you care about is certs, then it will probably be easier to configure 
your own X509KeyManager and X509TrustManager as in the JSSE docs.

> Also, how can I make sure that Tomcat doesn't go to any Certificate
> Authority (CA) to clarify the client's certificate?
>

This is actually configurable with PureTLS.  But for JSSE, see my comment 
above.

> Getting control of the whole handshake is the perfect solution for me.
> Also, seeing how Tomcat does that handshaking (I mean from a to z of
> Tomcat's handshaking, from the client's sending "hello" to the final
> session key generation) will be a good help to know how to hook in my own
> handshaking. Also, if you tell me where to look for the implementation,
> then I can get some idea while I am implementing my part of the code.
>
>
>
> If you have any suggestion, please let me know.
>
>
> Regards,
>
> Jahid 
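
The suggestion above to supply your own X509TrustManager, sketched as an added example that is not part of the original message or of Tomcat's code: a trust manager that decides client-certificate trust from a local allow-list of SHA-256 fingerprints instead of a CA chain. The class name `PinnedClientTrustManager`, the `context` helper and the fingerprint format are assumptions made for illustration; how the resulting SSLContext is handed to a connector depends on the Tomcat version and is not shown.

```java
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.HashSet;
import java.util.Set;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

/** Hypothetical class: trusts only client certificates whose fingerprint is on a local allow-list. */
public final class PinnedClientTrustManager implements X509TrustManager {
    private final Set<String> allowed; // lower-case hex SHA-256 of the DER-encoded certificate

    public PinnedClientTrustManager(Set<String> allowedFingerprints) {
        this.allowed = new HashSet<String>(allowedFingerprints); // defensive copy
    }

    static String fingerprint(X509Certificate cert) throws CertificateException {
        try {
            byte[] digest = MessageDigest.getInstance("SHA-256").digest(cert.getEncoded());
            StringBuilder hex = new StringBuilder();
            for (byte b : digest) hex.append(String.format("%02x", b));
            return hex.toString();
        } catch (NoSuchAlgorithmException e) {
            throw new CertificateException(e);
        }
    }

    @Override
    public void checkClientTrusted(X509Certificate[] chain, String authType)
            throws CertificateException {
        if (chain == null || chain.length == 0) throw new CertificateException("no client certificate");
        X509Certificate leaf = chain[0]; // the end-entity certificate comes first in the chain
        leaf.checkValidity();            // still reject expired or not-yet-valid certificates
        if (!allowed.contains(fingerprint(leaf)))
            throw new CertificateException("client certificate is not on the allow-list");
    }

    @Override
    public void checkServerTrusted(X509Certificate[] chain, String authType)
            throws CertificateException {
        throw new CertificateException("this trust manager is for server-side use only");
    }

    // Empty list: no CA names are advertised to the client in the certificate request.
    @Override
    public X509Certificate[] getAcceptedIssuers() { return new X509Certificate[0]; }

    /** Builds a server-side context; serverKeys come from a KeyManagerFactory or a custom X509KeyManager. */
    public static SSLContext context(KeyManager[] serverKeys, Set<String> pins) throws Exception {
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(serverKeys, new TrustManager[] { new PinnedClientTrustManager(pins) }, null);
        return ctx;
    }
}
```

The trust manager only decides whether the presented certificate is acceptable; proof that the client holds the matching private key is still enforced by the TLS handshake itself.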



