billbarker 2003/08/03 22:13:36 Modified: webapps/docs ssl-howto.xml webapps/docs/config coyote.xml Log: Update the documentation to reflect the fact that the Factory element is no longer required to setup a stand-alone SSL Connector. Revision Changes Path 1.5 +12 -16 jakarta-tomcat-catalina/webapps/docs/ssl-howto.xml Index: ssl-howto.xml =================================================================== RCS file: /home/cvs/jakarta-tomcat-catalina/webapps/docs/ssl-howto.xml,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- ssl-howto.xml 23 Jan 2003 23:45:12 -0000 1.4 +++ ssl-howto.xml 4 Aug 2003 05:13:35 -0000 1.5 @@ -29,11 +29,11 @@ <p>To install and configure SSL support on Tomcat 5, you need to follow these simple steps. For more information, read the rest of this HOW-TO.</p> <ol> -<li>Download JSSE 1.0.2 (or later) from +<li>If you are running a 1.3 JVM, download JSSE 1.0.2 (or later) from <a href="http://java.sun.com/products/jsse/">http://java.sun.com/products/jsse/</a> and either make it an <em>installed extension</em> on the system, or else set an environment variable <code>JSSE_HOME</code> that points at the - directory into which you installed JSSE.</li><br/><br/> + directory into which you installed JSSE. </li><br/><br/> <li>Create a certificate keystore by executing the following command: <p>Windows:</p> <source> @@ -275,10 +275,8 @@ <Connector className="org.apache.coyote.tomcat5.CoyoteConnector" port="8443" minProcessors="5" maxProcessors="75" enableLookups="true" disableUploadTimeout="true" - acceptCount="100" debug="0" scheme="https" secure="true"> - <Factory className="org.apache.coyote.tomcat5.CoyoteServerSocketFactory" - clientAuth="false" protocol="TLS"/> -</Connector> + acceptCount="100" debug="0" scheme="https" secure="true"; + clientAuth="false" sslprotocol="TLS"/> --> </source> 
@@ -305,10 +303,8 @@ that SSL is required, as required by the Servlet 2.4 Specification.</p> </em></blockquote> -<p>You will notice a <code>Factory</code> element nested inside the -<code>Connector</code> element. This is where the "socket factory" used -by Tomcat, whenever it needs a socket on the corresponding port number, -is configured. You may need to add or change the following attribute +<p>There are addional option used to configure the SSL protocol. + You may need to add or change the following attribute values, depending on how you configured your keystore earlier:</p> <table border="1"> @@ -317,11 +313,6 @@ <th>Description</th> </tr> <tr> - <td><code>className</code></td> - <td>The fully qualified class name of the Java class that implements - this socket factory. Do not change the default value.</td> - </tr> - <tr> <td><code>clientAuth</code></td> <td>Set this value to <code>true</code> if you want Tomcat to require all SSL clients to present a client Certificate in order to use @@ -342,9 +333,14 @@ password than the one Tomcat expects (<code>changeit</code>).</td> </tr> <tr> - <td><code>protocol</code></td> + <td><code>sslProtocol</code></td> <td>The encryption/decryption protocol to be used on this socket. Do not change the default value.</td> + </tr> + <tr> + <td><code>ciphers</code></td> + <td>The comma separated list of encryption ciphers that this socket is + allowed to use. By default, any available cipher is allowed.</td> </tr> </table> 1.7 +12 -14 jakarta-tomcat-catalina/webapps/docs/config/coyote.xml Index: coyote.xml =================================================================== RCS file: /home/cvs/jakarta-tomcat-catalina/webapps/docs/config/coyote.xml,v retrieving revision 1.6 retrieving revision 1.7 diff -u -r1.6 -r1.7 --- coyote.xml 29 Jul 2003 16:40:36 -0000 1.6 +++ coyote.xml 4 Aug 2003 05:13:36 -0000 1.7 
@@ -234,9 +234,9 @@ <p>The only element that may be embedded inside a <strong>Connector</strong> element is a <strong>Factory</strong> element, which is used to configure - a server socket factory component. See - <a href="#SSL Support">SSL Support</a> for more information about when - this is required.</p> + a server socket factory component. This element is never required, but + is still supported for backwards compatibility with earlier version of + Tomcat.</p> </section> @@ -295,9 +295,9 @@ <subsection name="SSL Support"> <p>You can enable SSL support for a particular instance of this - <strong>Connector</strong> by nesting an appropriate - <code><Factory></code> element inside, to set up the required - SSL socket factory. This element supports the following attributes:</p> + <strong>Connector</strong> by setting the <code>secure</code> attribute to + <code>true</code>. In addition, you may need to configure the following + attributes:</p> <attributes> @@ -306,13 +306,6 @@ specified, the default value is <code>SunX509</code>.</p> </attribute> - <attribute name="className" required="true"> - <p>The fully qualified class name of the SSL server socket - factory implementation class. You must specify - <code>org.apache.coyote.tomcat5.CoyoteServerSocketFactory</code> here. - </p> - </attribute> - <attribute name="clientAuth" required="false"> <p>Set to <code>true</code> if you want the SSL stack to require a valid certificate chain from the client before @@ -340,9 +333,14 @@ If not specified, the default value is "<code>JKS</code>".</p> </attribute> - <attribute name="protocol" required="false"> + <attribute name="sslProtocol" required="false"> <p>The version of the SSL protocol to use. If not specified, the default is "<code>TLS</code>".</p> + </attribute> + + <attribute name="ciphers" required="false"> + <p>A comma seperated list of the encryption ciphers that may be used. + If not specified, then any available cipher may be used.</p> </attribute> </attributes>
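Review bot: In ssl-howto.xml, hunk @@ -29,11 +29,11 @@, the second changed line differs from the old one only by a trailing space before `</li>`; please drop that whitespace-only change. The new wording "If you are running a 1.3 JVM" also leaves readers on a later JVM without an instruction for this step, so a short clause saying they can skip it would complete the list item.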
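Review bot: In ssl-howto.xml, hunk @@ -275,10 +275,8 @@, the new line `acceptCount="100" debug="0" scheme="https" secure="true";` has a stray semicolon after `secure="true"`, so the example Connector is not well-formed XML once a reader uncomments it. The next line also spells the attribute `sslprotocol="TLS"`, while the attribute table in this same file and the coyote.xml reference both document it as `sslProtocol`. Suggest removing the `;` and using `sslProtocol="TLS"` so the example can be copied as-is.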
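Review bot: In ssl-howto.xml, hunk @@ -305,10 +303,8 @@, the new sentence "There are addional option used to configure the SSL protocol." has a typo and a number mismatch; suggest "There are additional options used to configure the SSL protocol." Since the paragraph no longer mentions the `Factory` element, it would also help to say that these attributes now go directly on the `Connector` element.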
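Review bot: In ssl-howto.xml, hunk @@ -342,9 +333,14 @@, the new `ciphers` row states that "any available cipher is allowed" by default but does not say what form the names in the comma separated list take or give an example value. Because the default is the most permissive setting, please add a sentence telling operators that this attribute is where they restrict the allowed cipher list, with one example entry. The `protocol` to `sslProtocol` rename in the same hunk should also say whether the old attribute name is still accepted, for readers with existing configurations.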
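Review bot: In coyote.xml, hunk @@ -234,9 +234,9 @@, "earlier version of Tomcat" should read "earlier versions of Tomcat". The paragraph now says the `Factory` element is never required but still supported, and does not say which value is used when the same attribute is set both on the `Connector` and on a nested `Factory`; please document that, since upgraded configurations are likely to carry both.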
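Review bot: In coyote.xml, hunk @@ -295,9 +295,9 @@, the new text says SSL is enabled "by setting the `secure` attribute to `true`", but the example Connector changed in ssl-howto.xml in this same commit sets `scheme="https"` alongside `secure="true"`. Please state here whether `scheme` must also be set, so the reference and the HOW-TO describe the same minimum configuration.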
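Review bot: In coyote.xml, hunk @@ -340,9 +333,14 @@, the new `ciphers` description has "comma seperated", which should be "comma separated" to match the wording used in ssl-howto.xml. As in the HOW-TO, the attribute is renamed from `protocol` to `sslProtocol` without a note on whether the old name still works, and the `ciphers` entry gives no example of an accepted value even though its default permits any available cipher.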