https://bz.apache.org/bugzilla/show_bug.cgi?id=58891
Mark Thomas changed:
What|Removed |Added
Status|NEW |RESOLVED
Resolution|---
--- Comment #4 from Remy Maucherat ---
Generally, I would like to keep the SSL page as a quick start, focusing on
people being able to test SSL with Tomcat as easily as possible.
BTW, the session cookie should be marked secure and shouldn't be
--- Comment #3 from Christopher Schultz ---
I like the idea, I don't like your re-write as it stands. A certificate, for
instance, does not guarantee security of a site. The site can be full of
malware designed to attack you and still have a ce
--- Comment #2 from Alexander Kjäll ---
Hi
I agree that SSL is complex, and I don't think it's within the scope of the
Tomcat documentation to address all aspects of it, it can be very lengthy to
describe how different attack vectors work for
--- Comment #1 from Remy Maucherat ---
IMO this howto is a quick start with running the SSL connectors and testing
them, intended for developers. SSL is complex! It could be a good idea to add
some "production" SSL information in addition to that