>I have been working on a setup where an Apache webserver >1.3.24 is handling an >SSL connection with a client. The Apache server is connected >to a Tomcat server >4.0.3 installed using the .exe file. The Apache server have >mod_jk (from a >Tomcat 3.3) installed and is communicating with the Tomcat >using ajp13 protocol. > >By reading the source code for mod_jk I found that to be able >to forward the >SSL key length used by the client you had to set the following >options in your >httpd.conf file: > >JkKEYSIZEIndicator SSL_CIPHER_USEKEYSIZE >JkOptions +ForwardKeySize > >But when setting the JkOptions, Tomcat is suddenly reporting >that my connection >is no longer secure - that is the isSecure() method is false >in my servlet.
Hum, it's strange, since you should be in SSL mode to have the keysize forwarded. >Looking in the source code for jakarta-tomcat- >connectors/jk/java/org/apache/ajp/RequestHandler.java I could >see that when the >key length is forwarded the isSecure attribute is not set to true. >In the switch clause the handling for SC_A_SSL_KEY_SIZE is >returning 200 >instead of just doing a break, like all the other cases and is >not setting >isSSL to true! Rigth, the return 200 is bad. I'll commit your fix ASAP. -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
