Return-Path: Delivered-To: apmail-tomcat-users-archive@www.apache.org Received: (qmail 12516 invoked from network); 14 Feb 2006 03:47:04 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199) by minotaur.apache.org with SMTP; 14 Feb 2006 03:47:04 -0000 Received: (qmail 90109 invoked by uid 500); 14 Feb 2006 03:46:49 -0000 Delivered-To: apmail-tomcat-users-archive@tomcat.apache.org Received: (qmail 90091 invoked by uid 500); 14 Feb 2006 03:46:49 -0000 Mailing-List: contact users-help@tomcat.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "Tomcat Users List" Delivered-To: mailing list users@tomcat.apache.org Received: (qmail 90080 invoked by uid 99); 14 Feb 2006 03:46:49 -0000 Received: from asf.osuosl.org (HELO asf.osuosl.org) (140.211.166.49) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 13 Feb 2006 19:46:49 -0800 X-ASF-Spam-Status: No, hits=2.1 required=10.0 tests=RCVD_IN_WHOIS_INVALID,SPF_HELO_PASS,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (asf.osuosl.org: domain of alexandre.akoulov@citigroup.com designates 199.67.179.104 as permitted sender) Received: from [199.67.179.104] (HELO mail.citigroup.com) (199.67.179.104) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 13 Feb 2006 19:46:48 -0800 Received: from imbarc-nj01.nj.ssmb.com (imbarc-nj01.nj.ssmb.com [150.110.115.169]) by imbaspam-ny04.ssmb.com (8.13.5/8.13.5/SSMB_EXT/ev: 14170 $) with ESMTP id k1E3kR0M011105 for ; Tue, 14 Feb 2006 03:46:27 GMT Received: from mailhub-au01.aus.nsroot.net (mailhub-au01.aus.nsroot.net [169.191.97.43]) by imbarc-nj01.nj.ssmb.com (8.13.1/8.13.1/SSMB_QQQ_IN/1.1) with ESMTP id k1E3kFex028448 for ; Tue, 14 Feb 2006 03:46:16 GMT Received: from exsysm01.aus.nsroot.net (prkbigip1-11-1-int0.aus.nsroot.net [169.191.97.129]) by mailhub-au01.aus.nsroot.net (8.12.10/8.12.10/CG_HUB) with ESMTP id k1E3k9Se002293 for ; Tue, 14 Feb 2006 03:46:14 GMT Received: from exsymb02.aus.nsroot.net ([169.191.99.130]) by exsysm01.aus.nsroot.net with Microsoft SMTPSVC(5.0.2195.6713); Tue, 14 Feb 2006 14:45:55 +1100 X-MimeOLE: Produced By Microsoft Exchange V6.0.6603.0 content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Subject: RE: Encrypting ajp13 traffic Date: Tue, 14 Feb 2006 14:45:55 +1100 Message-ID: <1F78B75C252B574FBC551990AE8A836704A46BF4@exsymb02.aus.nsroot.net> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: Encrypting ajp13 traffic Thread-Index: AcYw4xK16nlFeYbdS8eN4je63apo+wANWWzw From: "Akoulov, Alexandre" To: "Tomcat Users List" X-OriginalArrivalTime: 14 Feb 2006 03:45:55.0563 (UTC) FILETIME=[28D503B0:01C63119] X-Scanned-By: MIMEDefang 2.52 on 199.67.177.46 X-Virus-Checked: Checked by ClamAV on apache.org X-Spam-Rating: minotaur.apache.org 1.6.2 0/1000/N Yes, i've got similar setup . We might end up setting up ssh tunnelling as well. Kind regards, Sasha.=20 -----Original Message----- From: David Smith [mailto:dns4@cornell.edu] Sent: Tuesday, 14 February 2006 8:18 AM To: Tomcat Users List Subject: Re: Encrypting ajp13 traffic While I can't speak for the O.P., I have had need for this myself once=20 upon a time.=20 Consider a setup where the content has to be secured via SSL and=20 communication to/from the tomcat is over untrusted infrastructure SSL=20 can't be proxied, so there is a need for the AJP/13 communication to be=20 encrypted. My solution at the time was to setup a SSH tunnel between=20 the two systems. It would be nice to have some form of encryption optionally available. Food for thought. -- David Mark Thomas wrote: > Akoulov, Alexandre wrote: > =20 >> I am wondering if there is a way encrypt the traffic between apache = and tomcat when they talk to each other on ajp13.=20 >> =20 > Why do you want to do this? What requirement are you trying to meet / > security threat are you trying to mitigate? > > Mark > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org > For additional commands, e-mail: users-help@tomcat.apache.org > > =20 --=20 David Smith Network Operations Supervisor Department of Entomology Cornell University 2132 Comstock Hall Ithaca, NY 14853 Phone: (607) 255-9571 Fax: (607) 255-0940 --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org For additional commands, e-mail: users-help@tomcat.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org For additional commands, e-mail: users-help@tomcat.apache.org