To: users@tomcat.apache.org
From: "Bill Barker"
Subject: Re: SSL Handshake before parameters sent???
Date: Tue, 22 Nov 2005 20:11:11 -0800

"John MccLain" wrote in message news:JMEOIPJEDGMHCIOMBHLIMEALFBAA.jmcclain@tcshealthcare.com...
> We have a servlet that is served by Tomcat. IIS is employed to redirect to
> Tomcat via AJP. IIS is also SSL enabled as our data is sensitive.
>
> I wish to call a servlet and pass SSL encrypted data. BUT, to start the SSL
> handshake off, I am making a servlet request with the data I wish to be SSL
> encrypted.
>
> My question is
>
> If I call a servlet from a browser and pass the servlet some parameters that
> need to be sent encrypted, do the parameters get SSL encrypted BEFORE they
> are sent, or are they sent clear text, then the SSL Handshake, then all
> other data sent is encrypted?
>

The handshake happens first. Only after the browser has decided it trusts you and a cipher has been decided on will it send the HTTP data. This includes the requestURI, headers, as well as the POST body. This is the main reason that you can't use NamedVirtualHosts with SSL: The server has to pick a certificate to send long before it knows the Host header.

> John McClain
> Senior Software Engineer
> TCS Healthcare
> jmcclain@tcshealthcare.com
> (530)886-1700x235
> "Skepticism is the first step toward truth"
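The ordering described in the reply above can be observed on the client side without a network. This is an added example, not part of the original thread: it drives Python's `ssl` module over in-memory BIOs, hands it a request, and inspects every byte the client emits before any server answer arrives. The hostname `example.test`, the servlet path and the `patient_id` parameter are constructed for illustration.

```python
import ssl

# Constructed sample request; path, parameter name and value are made up.
REQUEST = (b"POST /app/servlet HTTP/1.1\r\nHost: example.test\r\n"
           b"Content-Length: 28\r\n\r\npatient_id=CONSTRUCTED-12345")

RECORD_TYPES = {20: "change_cipher_spec", 21: "alert",
                22: "handshake", 23: "application_data"}


def parse_records(wire: bytes):
    """Split raw TLS bytes into (content_type_name, payload) records."""
    records, pos = [], 0
    while pos + 5 <= len(wire):
        ctype = wire[pos]                       # byte 0: record content type
        length = int.from_bytes(wire[pos + 3:pos + 5], "big")
        payload = wire[pos + 5:pos + 5 + length]
        if len(payload) < length:
            raise ValueError("truncated TLS record")
        records.append((RECORD_TYPES.get(ctype, ctype), payload))
        pos += 5 + length
    return records


def client_first_flight(request: bytes, hostname: str = "example.test") -> bytes:
    """Return every byte a TLS client emits before the server has answered."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    from_server, to_server = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ctx.wrap_bio(from_server, to_server, server_hostname=hostname)
    # First start the handshake, then hand the HTTP request to the TLS layer.
    for step in (tls.do_handshake, lambda: tls.write(request)):
        try:
            step()
        except ssl.SSLWantReadError:
            pass  # handshake incomplete: the client is waiting for the server
    return to_server.read()


if __name__ == "__main__":
    wire = client_first_flight(REQUEST)
    for name, payload in parse_records(wire):
        print(name, len(payload), "bytes, handshake message type", payload[0])
    print("request parameter on the wire:", b"patient_id" in wire)
```

The only records produced are handshake records (the ClientHello); the request is held back by the TLS layer until the handshake completes.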