On Wed, Feb 15, 2012 at 12:56 AM, Mladen Turk <mt...@apache.org> wrote:
> On 02/15/2012 04:53 AM, Costin Manolache wrote: > >> Uploaded another take. >> >> >> For non-SSL ( JIO, and apr without ssl ) -> SPDY just kicks in on all >> connections, >> this is just a short-cut for testing. I could also define a SpdyProtocol >> and set it >> directly on the connector - but seems too much overhead for something that >> is testing/experimental. >> >> > If we are going to consider this as AJP alternative (++1) then > the SSL would definitely be handy (doesn't have to be TLS in that case, > although some contemporary JVMs might support it) > One of the major problems why users choose https over ajp for > server<->server communication is that (viable or not) > I don't see any problem here - you can use 'secure' on the jio connector. Or we can modify the APR connector to allow "proxy" mode for the spdy connection. To make the proxy work - it'll need additional code to read and trust some X- headers from the real frontend ( client cert, ip, etc ). I haven't implemented this part yet for either 'real' spdy or proxy. > > So I'm not sure how SPDY is 'customizable' for allowing different > transport layers. eg. can it use SSLv23 instead TLSv1 > Real spdy requires TLS handshake - I don't remember the minimum version. For proxy you can use whatever you want. Costin > > Regards > -- > ^TM > > > ------------------------------**------------------------------**--------- > To unsubscribe, e-mail: > dev-unsubscribe@tomcat.apache.**org<dev-unsubscr...@tomcat.apache.org> > For additional commands, e-mail: dev-h...@tomcat.apache.org > >
