Hi Adi,

When you are using HTTPS the SSL handshaking always occurs first, so that any data sent by the client is encrypted. This would include the authentication info.

(You can check this if you have a packet sniffer - look for traffic on port 8443, I think, for Tomcat by default - you should see that the only readable data is the server's certificate.)

Hope this helps,
Keith

-----Original Message-----
From: Adi Katz [mailto:[EMAIL PROTECTED]
Sent: 08 January 2004 10:59
To: [EMAIL PROTECTED]
Subject: axis in tomcat, using ssl

Hello,

I deployed Axis in Tomcat 4.1 and configured Tomcat to work in a secure mode (SSL). The client sends authentication data (user and password) using:

org.apache.axis.client.Stub.setUserName(_)
org.apache.axis.client.Stub.setPassword(_)

My question is whether the authentication info is sent after the SSL handshake so it is encrypted, or whether it is sent in clear text because it is part of the first request to the server.

Thanks,
Adi
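Added example, not part of the original thread or of Axis/Tomcat: a Python sketch of the sniffer check described above, applied to the client-to-server bytes of one connection. It assumes the credentials travel as an HTTP Basic `Authorization` header; the service path, the credentials and all sample bytes are constructed.

```python
import base64
import struct

CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}

def tls_records(stream):
    """Split one direction of a TCP stream into (type_name, payload) TLS records."""
    records, pos = [], 0
    while pos < len(stream):
        if len(stream) - pos < 5:
            raise ValueError("truncated record header")
        ctype, major, _minor, length = struct.unpack_from("!BBBH", stream, pos)
        if ctype not in CONTENT_TYPES or major != 3:
            raise ValueError("not a TLS record at offset %d" % pos)
        payload = stream[pos + 5:pos + 5 + length]
        if len(payload) != length:
            raise ValueError("truncated record body")
        records.append((CONTENT_TYPES[ctype], payload))
        pos += 5 + length
    return records

def audit(stream):
    """Report TLS framing and any Basic credentials readable on the wire."""
    result = {"tls": False, "order": [], "credentials": None}
    try:
        result["order"] = [name for name, _ in tls_records(stream)]
        result["tls"] = True
    except ValueError:
        pass  # bytes are not TLS-framed
    for line in stream.split(b"\r\n"):
        if line.lower().startswith(b"authorization: basic "):
            result["credentials"] = base64.b64decode(line.split()[-1]).decode()
    return result

# Helpers that build the constructed samples (TLS 1.0 record version 3, 1).
def record(ctype, payload):
    return struct.pack("!BBBH", ctype, 3, 1, len(payload)) + payload

def opaque(n):  # stand-in for bytes a sniffer cannot interpret
    return bytes((i * 37 + 11) % 256 for i in range(n))

# Constructed samples: the same request sent in clear and inside TLS.
HTTP_REQUEST = (b"POST /axis/services/Example HTTP/1.0\r\nAuthorization: Basic "
                + base64.b64encode(b"user:password") + b"\r\n\r\n")
TLS_STREAM = (record(22, opaque(70)) + record(22, opaque(134))  # hello, key exchange
              + record(20, b"\x01") + record(22, opaque(40))    # CCS, encrypted Finished
              + record(23, opaque(len(HTTP_REQUEST) + 20)))     # request as ciphertext

if __name__ == "__main__":
    print(audit(HTTP_REQUEST), audit(TLS_STREAM), sep="\n")
```

On a real capture, feed `audit` the reassembled client-to-server payload of the connection to the HTTPS port; a non-empty `credentials` field means the request did not go through TLS.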
