tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Costin Manolache <cos...@gmail.com>
Subject Re: SPDY support
Date Wed, 15 Feb 2012 16:01:57 GMT
On Wed, Feb 15, 2012 at 12:56 AM, Mladen Turk <mturk@apache.org> wrote:

> On 02/15/2012 04:53 AM, Costin Manolache wrote:
>
>> Uploaded another take.
>>
>>
>> For non-SSL ( JIO, and apr without ssl ) ->  SPDY just kicks in on all
>> connections,
>> this is just a short-cut for testing. I could also define a SpdyProtocol
>> and set it
>> directly on the connector - but seems too much overhead for something that
>> is testing/experimental.
>>
>>
> If we are going to consider this as AJP alternative (++1) then
> the SSL would definitely be handy (doesn't have to be TLS in that case,
> although some contemporary JVMs might support it)
> One of the major problems why users choose https over ajp for
> server<->server communication is that (viable or not)
>

I don't see any problem here - you can use 'secure' on the jio connector.
Or we can modify the APR connector to allow "proxy" mode for the spdy
connection.

To make the proxy work - it'll need additional code to read and trust
some X- headers from the real frontend ( client cert, ip, etc ).
I haven't implemented this part yet for either 'real' spdy or proxy.



>
> So I'm not sure how SPDY is 'customizable' for allowing different
> transport layers. eg. can it use SSLv23 instead TLSv1
>

Real spdy requires TLS handshake - I don't remember the minimum version.

For proxy you can use whatever you want.

Costin


>
> Regards
> --
> ^TM
>
>
> ------------------------------**------------------------------**---------
> To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.**org<dev-unsubscribe@tomcat.apache.org>
> For additional commands, e-mail: dev-help@tomcat.apache.org
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message