tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Scott Jones <sc...@on-sitemanager.com>
Subject Re: SSL Detection (mod_jk, openssl, apache)
Date Fri, 09 Nov 2001 22:35:29 GMT
I'm still trying to figure out a way to do this SSL encryption strength
detection...  It seems that 

	request.getAttribute("javax.servlet.request.key_size") 

is always null even when I've included the SSL configuration options for
mod_jk and my AJP 13 worker...  

I've tried this both with Tomcat 3.3 and Tomcat 3.2.3 but keep on
getting the null value.  The variables cipher_suite, and ssl_session are
not defined either...  

If anybody has any suggestions as to how I might go about doing this,
I'd really appreciate it!  

Thanks.

-Scott

On Mon, 2001-11-05 at 08:33, Scott Jones wrote:
> Hello,
> 
> I'd like to restrict a certain area of our application to 128 bit
> encryption only, but I want to provide information and links for people
> if they don't have the required encryption strength.  
> 
> I'm using mod_jk-eapi and Tomcat 3.2.3 with AJP 13.  I've included the
> SSL section into my http.conf (see below).
> 
> Are there any variables available to my JSPs/servlets that can help me
> determine whether to send people to the 128 bit encryption required
> sections or not?
> 
> I saw in an article about Tomcat 4 (thanks, google)
> [http://www.javaworld.com/javaworld/jw-01-2001/jw-0126-servletapi.html]
> that this information is available thanks to the 2.3 Servlet Specs like
> this:  req.getAttribute("javax.servlet.request.key_size")  Is there
> something similar for tomcat 3.x?  OR, do I need to think about
> upgrading to Tomcat 4 sooner rather than later?
> 
> Thanks for any suggestions anyone has!
> 
> Cheers,
> 
> -Scott
> 
> 
> ###################################################################
> #                     SSL configuration                           #
> #
> # By default mod_jk is configured to collect SSL information from
> # the apache environment and send it to the Tomcat workers. The
> # problem is that there are many SSL solutions for Apache and as
> # a result the environment variable names may change.
> #
> # The following (commented out) JK related SSL configureation
> # can be used to customize mod_jk's SSL behaviour.
> #
> # Should mod_jk send SSL information to Tomact (default is On)
>  JkExtractSSL On
> #
> # What is the indicator for SSL (default is HTTPS)
>  JkHTTPSIndicator HTTPS
> #
> # What is the indicator for SSL session (default is SSL_SESSION_ID)
>  JkSESSIONIndicator SSL_SESSION_ID
> #
> # What is the indicator for client SSL cipher suit (default is
> SSL_CIPHER)
>  JkCIPHERIndicator SSL_CIPHER
> #
> # What is the indicator for the client SSL certificated (default is
> SSL_CLIENT_\CERT)
>  JkCERTSIndicator SSL_CLIENT_CERT
> #
> #                                                                 #
> ###################################################################
> 
> 
> 
> --
> To unsubscribe:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
> For additional commands: <mailto:tomcat-user-help@jakarta.apache.org>
> Troubles with the list: <mailto:tomcat-user-owner@jakarta.apache.org>



--
To unsubscribe:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
For additional commands: <mailto:tomcat-user-help@jakarta.apache.org>
Troubles with the list: <mailto:tomcat-user-owner@jakarta.apache.org>


Mime
View raw message