tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Michael Echerer <m...@tngtech.com>
Subject Re: ssl traffic between apache and tomcat via mod_jk
Date Sun, 05 Jun 2005 15:08:26 GMT
Liz Donaldson wrote:
> Hi,
> 
> I have a apache https enabled webserver and tomcat server an and am
> using the mod_jk connection module. From all the documentation I have
> read, it indicates that apache handles all the SSL negotiations and that
> the traffic between apache and tomcat is clear text. How can I enable
Well in fact the traffic uses ajp13, a protocol which is not really
"clear text". It's a binary format for optimization reasons.
Nevertheless it's of course not crypted (if you know the protocol), but
it might suffice for "minor" security demands as you cannot simply read
it using sniffer tools.
> communications between apache and tomcat to be encrpypted.
For mod_jk and Tomcat I doubt you can encrypt it. I never
heard/read/seen anything in the docu, too.
You could maybe try things with an ssl tunnel like stunnel.org, but
that's just a guess...

BTW: Why is the communication between Apache and Tomcat an issue at all?
Usually/Hopefully you're already in a "secure" environment with your
Apache behind a firewall etc.

Cheers,
Michael
> 
> Thank You in advance,
> Liz
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
> 
> 



---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message