Filip Hanik - Dev Lists wrote:
gents and ladies,
currently we are doing SSL a little bit differently between APR and
the Java connectors.
The APR connector requires an attribute sslEngine="On" to kick in.
I believe this attribute to be useful for two reasons:
1. Config should be as consistent as possible.
2. If I use an SSL network card, or Apache doing SSL etc, I would like to
trick Tomcat into thinking it is running in SSL
for example:
Apache Port 80 -> mod_proxy(http) -> Tomcat 8080
<Connector protocol="HTTP/1.1" port="8080"/>
Apache Port 443 -> mod_proxy(http) -> Tomcat 8081
<Connector protocol="HTTP/1.1" port="8081" secure="true"
scheme="https" sslEngine="off"/>
This example here is with Apache, but if you use any kind of SSL
accelerator, be it a network card or an appliance,
there is a risk of getting stuck in a redirect loop when using
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
in web.xml
Currently, you have to work around it using Valves or filters, but it
can get a little messy.
Useful?
What would you propose if we use HTTP/AJP + SSL between Apache httpd and TC?
BTW: In TC 5.x the secure="true" or secure="false" does not behave as in
the documentation (See PR 40766).
Cheers
Jean-Frederic
Filip
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
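
The redirect loop described in the message above, as an added example that is not part of the original thread and is not Tomcat code. It is a simplified model that assumes the container answers a CONFIDENTIAL resource with a redirect to HTTPS whenever the receiving connector reports the request as not secure; `example.test`, the route tables and all function names are hypothetical.

```python
from dataclasses import dataclass
from urllib.parse import urlsplit

@dataclass
class Connector:
    port: int
    secure: bool = False      # models the connector's secure="..." attribute
    redirect_port: int = 443  # public HTTPS port used when redirecting (assumed)

def enforce_confidential(conn, host, path):
    """Decision for a resource under transport-guarantee CONFIDENTIAL."""
    if conn.secure:
        return 200, None
    # The connector saw plain HTTP from the proxy, so the client is sent to HTTPS.
    return 302, f"https://{host}:{conn.redirect_port}{path}"

def follow(url, routes, max_hops=5):
    """Follow redirects as a browser would. TLS ends at the proxy, which picks
    the backend connector by front-end scheme. Returns (outcome, hops)."""
    for hops in range(max_hops + 1):
        parts = urlsplit(url)
        conn = routes[parts.scheme]
        status, location = enforce_confidential(conn, parts.hostname, parts.path)
        if status != 302:
            return status, hops
        url = location
    return "redirect loop", max_hops

# Constructed topologies. PLAIN and OFFLOADED mirror the two connectors in the message.
PLAIN = Connector(port=8080)
OFFLOADED = Connector(port=8081, secure=True)
SINGLE = {"http": PLAIN, "https": PLAIN}     # proxy sends 80 and 443 to one connector
SPLIT = {"http": PLAIN, "https": OFFLOADED}  # 443 goes to the secure="true" connector

if __name__ == "__main__":
    for name, routes in (("single connector", SINGLE), ("split connectors", SPLIT)):
        for start in ("http://example.test/account", "https://example.test/account"):
            print(name, start, follow(start, routes))
```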