Re: Non-secure HTTP connector with secure=true requires a keystore?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Mark, Mark Thomas wrote: That looks like a bug to me. Please add to to bugzilla so it doesn't get lost and forgotten about. Done. Thanks. https://issues.apache.org/bugzilla/show_bug.cgi?id=45997 - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkjzavEACgkQ9CaO5/Lv0PB0wgCgt/MUBpo3VYL2yck/Z/J8sPpe uOUAoJq4XxNXggEp2ugeYpq9264/OEwa =Afz9 -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Non-secure HTTP connector with secure=true requires a keystore?
Christopher Schultz wrote: Chuck, Caldarale, Charles R wrote: The code in 6.0 is noticeably different from that in 5.5 for protocol initialization, including setting up the socket factory. Would it be possible to test the config on 6.0 to see if you can achieve the desired results there? Here is what I've found: Tomcat 5.5.26 with the following Connector configuration (which is identical to that provided in the example server.xml that ships with TC 5.5.26 plus the secure=true attribute): Connector port=8080 maxHttpHeaderSize=8192 maxThreads=150 minSpareThreads=25 maxSpareThreads=75 enableLookups=false redirectPort=8443 acceptCount=100 connectionTimeout=2 disableUploadTimeout=true secure=true / I get the following exception: java.io.FileNotFoundException: /home/chris/.keystore (No such file or directory) at java.io.FileInputStream.open(Native Method) at java.io.FileInputStream.init(FileInputStream.java:106) at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(JSSESocketFactory.java:284) Removing the secure=true attribute results in a successful startup (as expected). That looks like a bug to me. Please add to to bugzilla so it doesn't get lost and forgotten about. Mark - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Non-secure HTTP connector with secure=true requires a keystore?
I found documentation the http://tomcat.apache.org/tomcat-6.0-doc/printer/ssl-howto.html states that situation accurately Congratulations chris on finding a bonafide bug on Tomcat 5.5.26 doc Martin Gainty __ Disclaimer and confidentiality note Everything in this e-mail and any attachments relates to the official business of Sender. This transmission is of a confidential nature and Sender does not endorse distribution to any party other than intended recipient. Sender does not necessarily endorse content contained within this transmission. Date: Sat, 11 Oct 2008 13:53:46 +0100 From: [EMAIL PROTECTED] To: users@tomcat.apache.org Subject: Re: Non-secure HTTP connector with secure=true requires a keystore? Christopher Schultz wrote: Chuck, Caldarale, Charles R wrote: The code in 6.0 is noticeably different from that in 5.5 for protocol initialization, including setting up the socket factory. Would it be possible to test the config on 6.0 to see if you can achieve the desired results there? Here is what I've found: Tomcat 5.5.26 with the following Connector configuration (which is identical to that provided in the example server.xml that ships with TC 5.5.26 plus the secure=true attribute): Connector port=8080 maxHttpHeaderSize=8192 maxThreads=150 minSpareThreads=25 maxSpareThreads=75 enableLookups=false redirectPort=8443 acceptCount=100 connectionTimeout=2 disableUploadTimeout=true secure=true / I get the following exception: java.io.FileNotFoundException: /home/chris/.keystore (No such file or directory) at java.io.FileInputStream.open(Native Method) at java.io.FileInputStream.init(FileInputStream.java:106) at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(JSSESocketFactory.java:284) Removing the secure=true attribute results in a successful startup (as expected). That looks like a bug to me. Please add to to bugzilla so it doesn't get lost and forgotten about. Mark - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] _ See how Windows Mobile brings your life together—at home, work, or on the go. http://clk.atdmt.com/MRT/go/msnnkwxp1020093182mrt/direct/01/
Re: Non-secure HTTP connector with secure=true requires a keystore?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Peter, Peter Rossbach wrote: As you want SSL enabled, you must add schema=https secure=true SSLEnabled=true at your config. No, I don't want SSL enabled. I want Tomcat to NOT do SSL, but I want it to report to my application that SSL is being used. The deal is that I want to be able to have a localhost-only Connector that appears to be secure, but isn't actually using SSL so I can avoid the SSL performance hit. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkjvZ6EACgkQ9CaO5/Lv0PD1jQCcCSGXFpvP3L5lkDV62rQJau+J qekAoIhvvNGuoewgdwa6omh6bvzoAlX/ =hA5e -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Non-secure HTTP connector with secure=true requires a keystore?
No, I don't want SSL enabled. I want Tomcat to NOT do SSL, but I want it to report to my application that SSL is being used. So you want quality software to lie to you? It would be a bug if Tomcat said it was secure when it's not, and it sounds pretty goofy to want it. The deal is that I want to be able to have a localhost-only Connector that appears to be secure, but isn't actually using SSL so I can avoid the SSL performance hit. So use HTTP. Appearing secure buys you nothing other than fooling yourself. You are not telling us something because such a spec makes no sense. Your app can assume anything it wants (boolean isSecure = true; int one = 2;). David - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Non-secure HTTP connector with secure=true requires a keystore?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Filip, Filip Hanik - Dev Lists wrote: secure=... corresponds to request.isSecure I have not found this to be entirely true. Please see my original post. If secure=true merely sets the return value for request.isSecure, then I should not need a keystore file during startup. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkjvfz0ACgkQ9CaO5/Lv0PD7qgCgncdi01+AR4eJiSTPHkyG7Ms2 +gQAoI9ZXQ2aLxQuhObdTyyxJnrmBMxG =Ygca -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Non-secure HTTP connector with secure=true requires a keystore?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 David, David Wall wrote: No, I don't want SSL enabled. I want Tomcat to NOT do SSL, but I want it to report to my application that SSL is being used. So you want quality software to lie to you? It would be a bug if Tomcat said it was secure when it's not, and it sounds pretty goofy to want it. What about the AJP connector, which does exactly the same thing? An SSL connection to Apache httpd is translated into a non-secure communication to Tomcat, and yet request.isSecure() returns true. The deal is that I want to be able to have a localhost-only Connector that appears to be secure, but isn't actually using SSL so I can avoid the SSL performance hit. So use HTTP. Appearing secure buys you nothing other than fooling yourself. You are not telling us something because such a spec makes no sense. Your app can assume anything it wants (boolean isSecure = true; int one = 2;). I would also like to use transport-guaranteeCONFIDENTIAL/transport-guarantee which essentially requires HTTPS to be used. I would like to represent a connection as secure, not as HTTPS. Since I trust localhost, I consider that secure, just as I trust the connections coming from mod_jk as outlined above. This is not a case of true = false or 1 = 2. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkjvfvoACgkQ9CaO5/Lv0PCJsACffNLqYH1/ecumoMiGdldz+Plz xh4An3/+JGTlWBRqWHUL34PMX9pSebDe =4Bwd -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Non-secure HTTP connector with secure=true requires a keystore?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Chuck, Caldarale, Charles R wrote: The code in 6.0 is noticeably different from that in 5.5 for protocol initialization, including setting up the socket factory. Would it be possible to test the config on 6.0 to see if you can achieve the desired results there? Here is what I've found: Tomcat 5.5.26 with the following Connector configuration (which is identical to that provided in the example server.xml that ships with TC 5.5.26 plus the secure=true attribute): Connector port=8080 maxHttpHeaderSize=8192 maxThreads=150 minSpareThreads=25 maxSpareThreads=75 enableLookups=false redirectPort=8443 acceptCount=100 connectionTimeout=2 disableUploadTimeout=true secure=true / I get the following exception: java.io.FileNotFoundException: /home/chris/.keystore (No such file or directory) at java.io.FileInputStream.open(Native Method) at java.io.FileInputStream.init(FileInputStream.java:106) at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(JSSESocketFactory.java:284) Removing the secure=true attribute results in a successful startup (as expected). Tomcat 6.0.18 with the following Connector configuration (which is the default that ships with TC 6.0.18 plus the secure=true attribute): Connector port=8080 protocol=HTTP/1.1 connectionTimeout=2 redirectPort=8443 secure=true / Successful startup. Using HTTP, a test JSP reports that request.isSecure() returns true, which is exactly what Filip claims. It appears that the behavior of TC 6.0 and 5.5 are not the same. I would have expected 5.5 to act like 6.0. Thanks, - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkjvhBEACgkQ9CaO5/Lv0PCyfwCeLea0BMA8CwntIS5GcuM+09KM ebYAnislqC5kphJalmEBoy+YcuM9JhQt =ltK5 -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Non-secure HTTP connector with secure=true requires a keystore?
Same here. I terminate all SSL in a load balancer and forward in the clear back to 8080 or 8081. Application code is peppered non-standard calls to see things set by a filter to see if it's considered secure even though Tomcat thinks otherwise. In the more extreme case, I could consider all packets to be secure in that all packets are traveling over a VPN tunnel or on a high-speed interconnect between nodes inside the same box. If I recall, SSL doesn't actually require you to negotiate any encryption standard (the NULL cipher -- http://www.openssl.org/docs/ apps/ciphers.html). And of course, selecting SSL doesn't meant the keys haven't been unknowingly compromised. Really, this should be a marker to denote that the connection is administratively considered secure. greg On Oct 10, 2008, at 9:12 AM, Christopher Schultz wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 David, David Wall wrote: No, I don't want SSL enabled. I want Tomcat to NOT do SSL, but I want it to report to my application that SSL is being used. So you want quality software to lie to you? It would be a bug if Tomcat said it was secure when it's not, and it sounds pretty goofy to want it. What about the AJP connector, which does exactly the same thing? An SSL connection to Apache httpd is translated into a non-secure communication to Tomcat, and yet request.isSecure() returns true. The deal is that I want to be able to have a localhost-only Connector that appears to be secure, but isn't actually using SSL so I can avoid the SSL performance hit. So use HTTP. Appearing secure buys you nothing other than fooling yourself. You are not telling us something because such a spec makes no sense. Your app can assume anything it wants (boolean isSecure = true; int one = 2;). I would also like to use transport-guaranteeCONFIDENTIAL/transport-guarantee which essentially requires HTTPS to be used. I would like to represent a connection as secure, not as HTTPS. Since I trust localhost, I consider that secure, just as I trust the connections coming from mod_jk as outlined above. This is not a case of true = false or 1 = 2. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkjvfvoACgkQ9CaO5/Lv0PCJsACffNLqYH1/ecumoMiGdldz+Plz xh4An3/+JGTlWBRqWHUL34PMX9pSebDe =4Bwd -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Non-secure HTTP connector with secure=true requires a keystore?
From: Christopher Schultz [mailto:[EMAIL PROTECTED] Subject: Re: Non-secure HTTP connector with secure=true requires a keystore? Successful startup. Using HTTP, a test JSP reports that request.isSecure() returns true, which is exactly what Filip claims. It appears that the behavior of TC 6.0 and 5.5 are not the same. That's what I surmised from reading the code; 6.0 is more straightforward, with less interaction amongst the attributes. I would have expected 5.5 to act like 6.0. An odd assumption... - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Non-secure HTTP connector with secure=true requires a keystore?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Chuck, Caldarale, Charles R wrote: From: Christopher Schultz [mailto:[EMAIL PROTECTED] Subject: Re: Non-secure HTTP connector with secure=true requires a keystore? I would have expected 5.5 to act like 6.0. An odd assumption... Perhaps I should have said the 6.0 behavior is what I would have expected. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkjvjZIACgkQ9CaO5/Lv0PAkgwCeMFz4Co5amkOKLC0PgKM7LcU6 NXAAoLsyCs226ONrxTUtrUqO1spwKglN =4j8S -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Non-secure HTTP connector with secure=true requires a keystore?
Hi, I don't have this problem at tomcat 6.0.18 Executor name=tomcatThreadPool namePrefix=catalina-exec- maxThreads=150 minSpareThreads=4/ Connector port=9080 executor=tomcatThreadPool protocol=HTTP/1.1 connectionTimeout=6 URIEncoding=UTF-8 / Connector port=9089 schema=http secure=true executor=tomcatThreadPool protocol=HTTP/1.1 connectionTimeout=6 URIEncoding=UTF-8 / Test with folloing index.jsp %= new java.util.Date() % %= request.isSecure() % As you want SSL enabled, you must add schema=https secure=true SSLEnabled=true at your config. Peter Am 07.10.2008 um 21:01 schrieb Christopher Schultz: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Chuck, Caldarale, Charles R wrote: From: Christopher Schultz [mailto:[EMAIL PROTECTED] Subject: Re: Non-secure HTTP connector with secure=true requires a keystore? I tried it with scheme=http at first, and got the same exception. The code in 6.0 is noticeably different from that in 5.5 for protocol initialization, including setting up the socket factory. Would it be possible to test the config on 6.0 to see if you can achieve the desired results there? Yeah, I can probably try that. I don't even need an app to deploy in order to test ;) - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkjrsgkACgkQ9CaO5/Lv0PCWPQCbBXylAq0lmheCGZwpsxPrL9yA SJEAoIoJ/FHSV+pK+6J1PalX9DWWWZCq =xNNQ -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Non-secure HTTP connector with secure=true requires a keystore?
Peter Rossbach wrote: Hi, I don't have this problem at tomcat 6.0.18 Executor name=tomcatThreadPool namePrefix=catalina-exec- maxThreads=150 minSpareThreads=4/ Connector port=9080 executor=tomcatThreadPool protocol=HTTP/1.1 connectionTimeout=6 URIEncoding=UTF-8 / Connector port=9089 schema=http secure=true executor=tomcatThreadPool protocol=HTTP/1.1 connectionTimeout=6 URIEncoding=UTF-8 / Test with folloing index.jsp %= new java.util.Date() % %= request.isSecure() % As you want SSL enabled, you must add schema=https secure=true SSLEnabled=true at your config. actually, if you want SSL, you only have to add SSLEnabled=true scheme=... corresponds to request.getScheme secure=... corresponds to request.isSecure this is tomcat6, tomcat5 uses secure to determine if SSL should be turned on Peter Am 07.10.2008 um 21:01 schrieb Christopher Schultz: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Chuck, Caldarale, Charles R wrote: From: Christopher Schultz [mailto:[EMAIL PROTECTED] Subject: Re: Non-secure HTTP connector with secure=true requires a keystore? I tried it with scheme=http at first, and got the same exception. The code in 6.0 is noticeably different from that in 5.5 for protocol initialization, including setting up the socket factory. Would it be possible to test the config on 6.0 to see if you can achieve the desired results there? Yeah, I can probably try that. I don't even need an app to deploy in order to test ;) - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkjrsgkACgkQ9CaO5/Lv0PCWPQCbBXylAq0lmheCGZwpsxPrL9yA SJEAoIoJ/FHSV+pK+6J1PalX9DWWWZCq =xNNQ -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Non-secure HTTP connector with secure=true requires a keystore?
I'm trying to configure an HTTP Connector that reports to the application that the connection is secure. According to the TC documentation (http://tomcat.apache.org/tomcat-5.5-doc/config/http.html), you should be able to simply set: secure=true in the Connector and all should be well. Yes, this is used when you'll be using SSL/TLS with https type URLs. To do SSL, you'll need a keystore to with a key created that represents the web server's domain name (i.e. cn=www.webserver.org). I would have expected an HTTP connector to be created, but it appears that an HTTPS connector is being created instead. If you only want http, then secure will always be false. Of course, I'm not sure which of the scheme and secure attributes tells it to use SSL HTTP/1.1 connector. If you don't want a keystore and want HTTP instead of HTTPS, just leave the secure attribute off. David - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Non-secure HTTP connector with secure=true requires a keystore?
From: Christopher Schultz [mailto:[EMAIL PROTECTED] Subject: Non-secure HTTP connector with secure=true requires a keystore? I'm trying to configure an HTTP Connector that reports to the application that the connection is secure. I thought I had done this using just what you described, but it may have been in 6.0. Can you post the config for the Connector in question? Have you left the scheme set to HTTP? - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Non-secure HTTP connector with secure=true requires a keystore?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Chuck, Caldarale, Charles R wrote: I thought I had done this using just what you described, but it may have been in 6.0. Can you post the config for the Connector in question? Have you left the scheme set to HTTP? Yup. Here's the configuration: Connector port=8080 maxHttpHeaderSize=8192 maxThreads=50 minSpareThreads=25 maxSpareThreads=25 enableLookups=false acceptCount=100 connectionTimeout=2 disableUploadTimeout=true secure=true URIEncoding=UTF-8 address=127.0.0.1 / I tried it with scheme=http at first, and got the same exception. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkjrrWAACgkQ9CaO5/Lv0PCLEACfSOwB05/YTDTqxEqDEzxb14tN iO0An207foePktmdgJcktXI2NHeyUd1/ =68jf -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Non-secure HTTP connector with secure=true requires a keystore?
From: Christopher Schultz [mailto:[EMAIL PROTECTED] Subject: Re: Non-secure HTTP connector with secure=true requires a keystore? I tried it with scheme=http at first, and got the same exception. The code in 6.0 is noticeably different from that in 5.5 for protocol initialization, including setting up the socket factory. Would it be possible to test the config on 6.0 to see if you can achieve the desired results there? - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Non-secure HTTP connector with secure=true requires a keystore?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Chuck, Caldarale, Charles R wrote: From: Christopher Schultz [mailto:[EMAIL PROTECTED] Subject: Re: Non-secure HTTP connector with secure=true requires a keystore? I tried it with scheme=http at first, and got the same exception. The code in 6.0 is noticeably different from that in 5.5 for protocol initialization, including setting up the socket factory. Would it be possible to test the config on 6.0 to see if you can achieve the desired results there? Yeah, I can probably try that. I don't even need an app to deploy in order to test ;) - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkjrsgkACgkQ9CaO5/Lv0PCWPQCbBXylAq0lmheCGZwpsxPrL9yA SJEAoIoJ/FHSV+pK+6J1PalX9DWWWZCq =xNNQ -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]