DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://nagoya.apache.org/bugzilla/show_bug.cgi?id=20473>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=20473 ajp13 connection between apache and tomcat is not encrypted Summary: ajp13 connection between apache and tomcat is not encrypted Product: Tomcat 4 Version: 4.0 Beta 1 Platform: All OS/Version: All Status: NEW Severity: Enhancement Priority: Other Component: Connector:Coyote JK 2 AssignedTo: [EMAIL PROTECTED] ReportedBy: [EMAIL PROTECTED] The connection between apache and tomcat is not encrypted. This means if your network is breached and a packet sniffer installed then your credit card details / passwords etc can be picked up even though the connection to apache was https & encrypted. This tar adds an extra channel which provides a TLS encrypted channel between apache and tomcat. With this encrypted channel this means that data transfer between apache and tomcat is re-encryted. The channel adds in the ability to do the following type of connections. tomcat & apache communicate securly but not authenticating each other. Tomcat will only let in connections from a host who's cert has been signed by a CA it trusts. Apache will only connect to a tomcat whos CA it trusts Both apache and tomcat will only allow connections from & to hosts that it trusts their CA. Note: This trusting has NOTHING to do with the browsers connection to apache. Both apache and tomcat will pass nothing to either end about this secure connection - it is as transparent as if it were a normal socket connection. Note - 2: You need jsse.jar and jcert.jar for tomcat and openssl for apache. Best if you have setup apache with ssl ( otherwise whats the point eh ?) I have this running with jdk1.4 on linux. Tested with both apache 1.3 and apache 2. I've used tomcat 4.1.24 on the tomcat end. Although I don't see why it won't work with any tomcat 4.x or tmocat 5.x versions. TC3 i don't know! --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]