tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Liz Donaldson <edona...@rochester.rr.com>
Subject Re: ssl traffic between apache and tomcat via mod_jk
Date Sun, 05 Jun 2005 15:25:05 GMT
Thanks for quick reply!! Yes my tomcat server is behind the firewall, 
but corporate security guidelines also is demanding that the 
communications between apache and tomcat be ssl encrypted. I am going to 
check out stunnel.org.

Thanks!

Michael Echerer wrote:

>Liz Donaldson wrote:
>  
>
>>Hi,
>>
>>I have a apache https enabled webserver and tomcat server an and am
>>using the mod_jk connection module. From all the documentation I have
>>read, it indicates that apache handles all the SSL negotiations and that
>>the traffic between apache and tomcat is clear text. How can I enable
>>    
>>
>Well in fact the traffic uses ajp13, a protocol which is not really
>"clear text". It's a binary format for optimization reasons.
>Nevertheless it's of course not crypted (if you know the protocol), but
>it might suffice for "minor" security demands as you cannot simply read
>it using sniffer tools.
>  
>
>>communications between apache and tomcat to be encrpypted.
>>    
>>
>For mod_jk and Tomcat I doubt you can encrypt it. I never
>heard/read/seen anything in the docu, too.
>You could maybe try things with an ssl tunnel like stunnel.org, but
>that's just a guess...
>
>BTW: Why is the communication between Apache and Tomcat an issue at all?
>Usually/Hopefully you're already in a "secure" environment with your
>Apache behind a firewall etc.
>
>Cheers,
>Michael
>  
>
>>Thank You in advance,
>>Liz
>>
>>
>>---------------------------------------------------------------------
>>To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
>>For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>>
>>
>>    
>>
>
>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
>For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
>
>  
>


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message