Can traffic between mod_jk and Tomcat's AJP connector be encrypted (without
using ssh/stunnel)?

I see SSL mentioned in the doc for AJP, but it's clear as mud: 
http://tomcat.apache.org/tomcat-5.5-doc/config/ajp.html

So, in Apache, I am using SSL and mod_jk.  I set these parameters per the
mod_jk doc:

# JkOptions indicate to send SSL KEY SIZE,
JkOptions +ForwardKeySize +ForwardURICompat -ForwardDirectories
JkExtractSSL On
# What is the indicator for SSL (default is HTTPS)
JkHTTPSIndicator HTTPS
# What is the indicator for SSL session (default is SSL_SESSION_ID)
JkSESSIONIndicator SSL_SESSION_ID
# What is the indicator for client SSL cipher suite (default is SSL_CIPHER)
JkCIPHERIndicator SSL_CIPHER
# What is the indicator for the client SSL certificates (default is SSL_CLIENT_CERT)
JkCERTSIndicator SSL_CLIENT_CERT

In Tomcat's server.xml, I have defined an AJP/1.3 connector like so:

<Connector port="8202" protocol="AJP/1.3" URIEncoding="UTF-8"
               scheme="https" secure="true" clientAuth="false" />

(mod_jk worker uses this connection)

It works whether I set scheme and secure or not.  Is the communication
encrypted?  (If so, I'd wonder how since Tomcat knows nothing of my CA's
public key or my keystore.)

What am I missing?
-- 
View this message in context: 
http://www.nabble.com/Is-this-possibe---mod_jk-%3C%3D%3DSSL%3D%3D%3E-AJP-1.3-tf2776640.html#a7746284
Sent from the Tomcat - User mailing list archive at Nabble.com.
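
An added example (not part of the original message, and not mod_jk or Tomcat code): a minimal parser for the AJP/1.3 Forward Request, run over a constructed packet, showing that the values selected by JkHTTPSIndicator, JkCIPHERIndicator and +ForwardKeySize travel as ordinary readable fields of the request. The field layout and attribute codes follow the AJP/1.3 protocol reference; the addresses, host names and cipher name are made-up sample values.

```python
import struct

# AJP/1.3 attribute codes that carry the front end's TLS details
SSL_ATTRS = {0x07: "ssl_cert", 0x08: "ssl_cipher", 0x09: "ssl_session", 0x0B: "ssl_key_size"}

def ajp_string(text):  # AJP string: 2-byte length, the bytes, a trailing NUL
    return struct.pack(">H", len(text)) + text.encode("latin-1") + b"\x00"

def build_sample_request(cipher, key_size):
    body = b"\x02\x02"  # constructed sample: prefix 2 = Forward Request, method 2 = GET
    for field in ("HTTP/1.1", "/app/", "192.0.2.10", "client.example", "www.example"):
        body += ajp_string(field)
    body += struct.pack(">HBH", 443, 1, 1)           # server_port, is_ssl, num_headers
    body += b"\xa0\x0b" + ajp_string("www.example")  # Host header, name sent as a code
    body += b"\x08" + ajp_string(cipher)             # ssl_cipher attribute
    body += b"\x0b" + struct.pack(">H", key_size) + b"\xff"  # ssl_key_size, end marker
    return b"\x12\x34" + struct.pack(">H", len(body)) + body

def parse_ssl_info(packet):
    if packet[:2] != b"\x12\x34" or packet[4:5] != b"\x02":
        raise ValueError("not an AJP/1.3 Forward Request")
    pos = 6  # past magic, length, prefix code and method
    def read_int():
        nonlocal pos
        pos += 2
        return struct.unpack_from(">H", packet, pos - 2)[0]
    def read_string():
        nonlocal pos
        n = read_int()
        if n == 0xFFFF:          # null string marker
            return None
        pos += n + 1             # n bytes plus the trailing NUL
        return packet[pos - n - 1:pos - 1].decode("latin-1")
    uri = [read_string() for _ in range(5)][1]  # protocol, uri, addr, host, server name
    pos += 3                                    # server_port (2 bytes), is_ssl (1 byte)
    info = {"uri": uri, "is_ssl": packet[pos - 1] == 1}
    for _ in range(read_int()):                 # request headers
        if packet[pos] == 0xA0:                 # common header name sent as 2-byte code
            pos += 2
        else:
            read_string()
        read_string()                           # header value
    while packet[pos] != 0xFF:                  # 0xFF ends the attribute list
        code, pos = packet[pos], pos + 1
        if code == 0x0A:                        # req_attribute: name, then value
            read_string()
        value = read_int() if code == 0x0B else read_string()
        if code in SSL_ATTRS:
            info[SSL_ATTRS[code]] = value
    return info
```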

