Hi,

First of all, Filip and Bill, thanks a lot for such a good suggestion.
Though I still didn't implement it, I will give it a try according to
what you said.

One more question, can you tell me, when the first user requests an SSL
request (I mean by http://www.mysite.com), then which part of the code
sends the server's certificate to the client?

Also, how can I protect, so that Tomcat doesn't go to any Certificate
Authority (CA) to clarify the client's certificate?

Getting control of the whole handshaking is the perfect solution for me.
And also seeing how Tomcat does that handshaking (I mean from a to z of
Tomcat's handshaking, from the client's sending "hello" to finally session
key generation) will be a good help to know how to hook my own
handshaking.



If you have any suggestion, please let me know.


Regards,

Jahid

On Dec 7, 2007 8:39 PM, Bill Barker <[EMAIL PROTECTED]> wrote:
>
>
> > -----Original Message-----
> > From: Filip Hanik - Dev Lists [mailto:[EMAIL PROTECTED]
> > Sent: Friday, December 07, 2007 10:46 AM
> > To: Tomcat Developers List
> > Subject: Re: Tomcat SSL handshaking
> >
> > really only one way of doing it.
> > In the BIO connector
> > protocol="org.apache.coyote.http11.Http11Protocol", the handshake
> > happens inside the blocking streams (at the JSSE layer), so I don't
> > think you can control it here.
>
> Actually, you can specify your own SSLImplementation class here, and do
> anything you like with the SSL protocol.  JSSE is just what you get when it
> can't find anything else.
>
>
> > In the APR connector
> > protocol="org.apache.coyote.http11.Http11AprProtocol", the handshake
> > happens inside the openssl layer, so you can't do it there
> >
> > In the NIO connector
> > protocol="org.apache.coyote.http11.Http11NioProtocol", the handshake
> > happens inside the SSLEngine, but you could swap that out,
> > since this is
> > the only connector that actually gets hold of the bytes that get sent
> > over the network. The code for this would be
> > org/apache/tomcat/util/net/SecureNioChannel.java, look at the
> > handshake
> > method
> >
> > http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/tomcat/util/net/SecureNioChannel.java?view=markup
> >
> > Filip
> >
> > Md. Jahid Shohel wrote:
> > > Hi,
> > >
> > > I am really sorry to be mailing here for such a question. I am mailing
> > > here because I didn't get any help from other places. My question is
> > > ---
> > >
> > >
> > > How can I take control of SSL handshaking from Tomcat, so that I
> > > can do the handshaking process by myself?
> > >
> > > Regards.
> > >
> > >
> > > Jahid
> > >
> > >
> > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > > For additional commands, e-mail: [EMAIL PROTECTED]
> > >
> > >
> > >
> > >
> >
> >
> >
> >
> >
>
>
>
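The point made in the quoted reply about the NIO connector, that with an `SSLEngine` the application itself holds the handshake bytes and drives the state machine, shown as an added example (not Tomcat's code and not from this thread). The class name `HandshakeBytes`, the helper `firstFlight` and the peer host `example.invalid` are assumptions; nothing is sent over a network.

```java
import java.nio.ByteBuffer;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLEngineResult;
import javax.net.ssl.SSLEngineResult.HandshakeStatus;

// Added illustration; class name, helper name and peer host are hypothetical.
public class HandshakeBytes {

    /** Drives the engine until it needs data from the peer; returns the bytes it produced. */
    static ByteBuffer firstFlight(SSLEngine engine) throws Exception {
        ByteBuffer net = ByteBuffer.allocate(engine.getSession().getPacketBufferSize());
        ByteBuffer noAppData = ByteBuffer.allocate(0);
        engine.beginHandshake();
        HandshakeStatus hs = engine.getHandshakeStatus();
        while (hs == HandshakeStatus.NEED_WRAP || hs == HandshakeStatus.NEED_TASK) {
            if (hs == HandshakeStatus.NEED_TASK) {
                // Long-running work (key generation, cert checks) is handed back to the caller.
                Runnable task;
                while ((task = engine.getDelegatedTask()) != null) task.run();
                hs = engine.getHandshakeStatus();
            } else {
                // wrap() emits a TLS record into our buffer; the caller decides what to do with it.
                SSLEngineResult r = engine.wrap(noAppData, net);
                if (r.getStatus() != SSLEngineResult.Status.OK)
                    throw new IllegalStateException("wrap failed: " + r.getStatus());
                hs = r.getHandshakeStatus();
            }
        }
        net.flip();
        return net;
    }

    public static void main(String[] args) throws Exception {
        SSLEngine engine = SSLContext.getDefault().createSSLEngine("example.invalid", 443);
        engine.setUseClientMode(true); // a client needs no key material for its first message

        ByteBuffer net = firstFlight(engine);
        int contentType = net.get(0) & 0xff;                      // 22 = handshake record
        int recordLen = ((net.get(3) & 0xff) << 8) | (net.get(4) & 0xff);
        int handshakeType = net.get(5) & 0xff;                    // 1 = ClientHello

        System.out.printf("record type=%d version=%d.%d length=%d handshake type=%d%n",
                contentType, net.get(1), net.get(2), recordLen, handshakeType);
        System.out.println("bytes held by the application: " + net.remaining());
        System.out.println("engine now waits for: " + engine.getHandshakeStatus());
    }
}
```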