tomcat-users mailing list archives

From "Ian Hunter" <ihun...@hunterweb.net>
Subject How to verify SSL/HTTPS behind Tomcat via AJP13
Date Tue, 25 Feb 2003 02:26:10 GMT
From http://jakarta.apache.org/tomcat/tomcat-4.1-doc/ssl-howto.html -- "Any
pages which absolutely require a secure connection should check the protocol
type associated with the page request and take the appropriate action if
https is not specified."

Also, "When running Tomcat primarily as a Servlet/JSP container behind
another web server, such as Apache or Microsoft IIS, it is usually necessary
to configure the primary web server to handle the SSL connections from
users. Typically, this server will negotiate all SSL-related functionality,
then pass on any requests destined for the Tomcat container only after
decrypting those requests. Likewise, Tomcat will return cleartext responses,
that will be encrypted before being returned to the user's browser. In this
environment, Tomcat knows that communications between the primary web server
and the client are taking place over a secure connection (because your
application needs to be able to ask about this), but it does not participate
in the encryption or decryption itself."

However, when I check "request.getProtocol()" I get "HTTP/.1.1" even when
I'm connecting via SSL (url shows https: and browser shows "lock" and
confirms 128 bit SSL) -- what gives?
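
Added example, not part of the original message or of the Tomcat documentation: a servlet filter that performs the check the quoted HOWTO asks for. In the Servlet API, `getProtocol()` returns the HTTP version string, which is the same for http and https requests, while `getScheme()` and `isSecure()` describe the transport. The class name `RequireHttpsFilter` and the `secureHost` init parameter are assumptions made for illustration.

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/** Hypothetical filter: lets a request through only if it arrived over HTTPS. */
public class RequireHttpsFilter implements Filter {
    // Hypothetical init-param: the public HTTPS host name to redirect to.
    // Taken from configuration so the redirect target never depends on
    // the client-supplied Host header.
    private String secureHost;

    public void init(FilterConfig cfg) throws ServletException {
        secureHost = cfg.getInitParameter("secureHost");
    }

    public void destroy() {}

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        // getProtocol() would be the HTTP version here, so it cannot
        // distinguish the two cases; scheme and isSecure() can.
        boolean secure = request.isSecure()
                && "https".equalsIgnoreCase(request.getScheme());
        if (secure) {
            chain.doFilter(req, res);
            return;
        }
        if (secureHost != null && "GET".equals(request.getMethod())) {
            // Safe to replay a GET on the secure URL.
            String query = request.getQueryString();
            response.sendRedirect("https://" + secureHost + request.getRequestURI()
                    + (query == null ? "" : "?" + query));
        } else {
            // Do not redirect POST bodies that already travelled in cleartext.
            response.sendError(HttpServletResponse.SC_FORBIDDEN, "HTTPS required");
        }
    }
}
```

Behind a front-end web server, as in the setup the HOWTO describes, Tomcat does not terminate SSL itself, so the values returned by `isSecure()` and `getScheme()` reflect what the front-end server reports to the connector.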

