Jonathan Eric Miller wrote:
> First off, I would like to congratulate the Tomcat developers for the
> release of 3.2. You guys are doing a greate job and I look forward to using
> it.
>
> One thing that I think would be very helpful to users is if you could
> provide binaries for mod_jk. I'm guessing it's just a matter of resources
> and not having developers around that can make these binaries. From what I
> remember, there used to be Solaris binaries awhile back. Then, Solaris
> seemed to be dropped in favor of Linux. I just wanted to make a point that
> there are probably still a lot of Solaris users out there that might
> appreciate have a binary as well.
>
I have asked for help on the developer list in accumulating pre-compiled
versions of the native code modules on the developer list. I'd like to post
them all, no matter how popular or obscure a particular platform is.
>
> I'm going to try to build it right now. It's been a few months since I last
> did this. At that time I found that the instructions had improved a bit
> which I really appreciated. I had major problems building mod_jserv
> previously, due to pretty much non-existent or incorrect documentation.
>
> BTW, I'm hoping at some point to no longer have to use Apache Web Server at
> all and instead just use Tomcat in stand-alone mode. However, there are a
> few issues that I need to resolve first. One issue is that I want to limit
> SSL connections to using 128-bit encryption and not 40-bit or 56-bit. I'm
> not sure if this is possible with Tomcat.
>
Hmmm. By default, the SSL connection factory in Tomcat is initialized to accept
all possible cipher suites. It wouldn't be too hard to make that configurable.
In Tomcat 4.0, you have an additional option -- a recent addition to the servlet
2.3 spec requires the servlet container to expose two new request attributes:
the cipher suite that is being used, and the key size. It would be possible to
programmatically reject such a request in a servlet or a filter.
> Jon
Craig McClanahan
