tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Thomas <ma...@apache.org>
Subject Re: SSL Encryption for Cluster Conversations (NioReceiver and Members)
Date Fri, 14 Sep 2018 12:34:57 GMT
On 14/09/18 13:11, Tim K wrote:
> Using latest Tomcat 9.0.11.  I'm using the securePort attribute for both
> the NioReceiver and StaticMembers but when capturing and inspecting the
> traffic over the secure ports with WireShark, I'm seeing all my session
> data in clear text, even my username as password (user principal)!  I tried
> removing the port attribute from both, elements, leaving just the
> securePort there but this does not encrypt the traffic.

To my knowledge, the port was added but TLS was never implemented. It
may be better if we remove that code entirely. Why you'd want a secure
port and an insecure port at the same time for a cluster never did make
much sense to me.

The typical TLS configuration is a poor choice for clusters It would
require quite a lot of configuration. Encryption based on a pre-shared
private key would be a better approach.

Mark

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message