billbarker 2003/08/03 22:13:36
Modified: webapps/docs ssl-howto.xml
webapps/docs/config coyote.xml
Log:
Update the documentation to reflect the fact that the Factory element is no longer
required to setup a stand-alone SSL Connector.
Revision Changes Path
1.5 +12 -16 jakarta-tomcat-catalina/webapps/docs/ssl-howto.xml
Index: ssl-howto.xml
===================================================================
RCS file: /home/cvs/jakarta-tomcat-catalina/webapps/docs/ssl-howto.xml,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- ssl-howto.xml 23 Jan 2003 23:45:12 -0000 1.4
+++ ssl-howto.xml 4 Aug 2003 05:13:35 -0000 1.5
@@ -29,11 +29,11 @@
<p>To install and configure SSL support on Tomcat 5, you need to follow
these simple steps. For more information, read the rest of this HOW-TO.</p>
<ol>
-<li>Download JSSE 1.0.2 (or later) from
+<li>If you are running a 1.3 JVM, download JSSE 1.0.2 (or later) from
<a
href="http://java.sun.com/products/jsse/";>http://java.sun.com/products/jsse/</a>
and either make it an <em>installed extension</em> on the system, or else
set an environment variable <code>JSSE_HOME</code> that points at the
- directory into which you installed JSSE.</li><br/><br/>
+ directory into which you installed JSSE. </li><br/><br/>
<li>Create a certificate keystore by executing the following command:
<p>Windows:</p>
<source>
@@ -275,10 +275,8 @@
<Connector className="org.apache.coyote.tomcat5.CoyoteConnector"
port="8443" minProcessors="5" maxProcessors="75"
enableLookups="true" disableUploadTimeout="true"
- acceptCount="100" debug="0" scheme="https" secure="true">
- <Factory className="org.apache.coyote.tomcat5.CoyoteServerSocketFactory"
- clientAuth="false" protocol="TLS"/>
-</Connector>
+ acceptCount="100" debug="0" scheme="https" secure="true";
+ clientAuth="false" sslprotocol="TLS"/>
-->
</source>
@@ -305,10 +303,8 @@
that SSL is required, as required by the Servlet 2.4 Specification.</p>
</em></blockquote>
-<p>You will notice a <code>Factory</code> element nested inside the
-<code>Connector</code> element. This is where the "socket factory" used
-by Tomcat, whenever it needs a socket on the corresponding port number,
-is configured. You may need to add or change the following attribute
+<p>There are addional option used to configure the SSL protocol.
+ You may need to add or change the following attribute
values, depending on how you configured your keystore earlier:</p>
<table border="1">
@@ -317,11 +313,6 @@
<th>Description</th>
</tr>
<tr>
- <td><code>className</code></td>
- <td>The fully qualified class name of the Java class that implements
- this socket factory. Do not change the default value.</td>
- </tr>
- <tr>
<td><code>clientAuth</code></td>
<td>Set this value to <code>true</code> if you want Tomcat to require
all SSL clients to present a client Certificate in order to use
@@ -342,9 +333,14 @@
password than the one Tomcat expects (<code>changeit</code>).</td>
</tr>
<tr>
- <td><code>protocol</code></td>
+ <td><code>sslProtocol</code></td>
<td>The encryption/decryption protocol to be used on this socket.
Do not change the default value.</td>
+ </tr>
+ <tr>
+ <td><code>ciphers</code></td>
+ <td>The comma separated list of encryption ciphers that this socket is
+ allowed to use. By default, any available cipher is allowed.</td>
</tr>
</table>
1.7 +12 -14 jakarta-tomcat-catalina/webapps/docs/config/coyote.xml
Index: coyote.xml
===================================================================
RCS file: /home/cvs/jakarta-tomcat-catalina/webapps/docs/config/coyote.xml,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- coyote.xml 29 Jul 2003 16:40:36 -0000 1.6
+++ coyote.xml 4 Aug 2003 05:13:36 -0000 1.7
@@ -234,9 +234,9 @@
<p>The only element that may be embedded inside a <strong>Connector</strong>
element is a <strong>Factory</strong> element, which is used to configure
- a server socket factory component. See
- <a href="#SSL Support">SSL Support</a> for more information about when
- this is required.</p>
+ a server socket factory component. This element is never required, but
+ is still supported for backwards compatibility with earlier version of
+ Tomcat.</p>
</section>
@@ -295,9 +295,9 @@
<subsection name="SSL Support">
<p>You can enable SSL support for a particular instance of this
- <strong>Connector</strong> by nesting an appropriate
- <code><Factory></code> element inside, to set up the required
- SSL socket factory. This element supports the following attributes:</p>
+ <strong>Connector</strong> by setting the <code>secure</code> attribute to
+ <code>true</code>. In addition, you may need to configure the following
+ attributes:</p>
<attributes>
@@ -306,13 +306,6 @@
specified, the default value is <code>SunX509</code>.</p>
</attribute>
- <attribute name="className" required="true">
- <p>The fully qualified class name of the SSL server socket
- factory implementation class. You must specify
- <code>org.apache.coyote.tomcat5.CoyoteServerSocketFactory</code> here.
- </p>
- </attribute>
-
<attribute name="clientAuth" required="false">
<p>Set to <code>true</code> if you want the SSL stack to
require a valid certificate chain from the client before
@@ -340,9 +333,14 @@
If not specified, the default value is "<code>JKS</code>".</p>
</attribute>
- <attribute name="protocol" required="false">
+ <attribute name="sslProtocol" required="false">
<p>The version of the SSL protocol to use. If not specified,
the default is "<code>TLS</code>".</p>
+ </attribute>
+
+ <attribute name="ciphers" required="false">
+ <p>A comma seperated list of the encryption ciphers that may be used.
+ If not specified, then any available cipher may be used.</p>
</attribute>
</attributes>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
