gents and ladies,
currently we are doing SSL a little bit differently between APR and the
Java connectors.
The APR connector requires an attribute sslEngine="On" to kick in.
I believe this attribute to be useful for two reasons:
1.
Config should be as consistent as possible.
2.
If I use a SSL network card, or apache doing SSL etc, I would like to
trick Tomcat into thinking it is running in SSL
for example:
Apache Port 80 -> mod_proxy(http) -> Tomcat 8080
<Connector protocol="HTTP/1.1" port="8080"/>
Apache Port 443 -> mod_proxy(http) -> Tomcat 8081
<Connector protocol="HTTP/1.1" port="8081" secure="true" scheme="https"
sslEngine="off"/>
This example here is with Apache, but if you use any kind of SSL
accelerator, be it a network card or an appliance,
there is a risk of getting stuck in a redirect loop when using
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
in web.xml
Currently, you have to work around it using Valves or filters, but it
can get a little messy.
Useful?
Filip
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
