On Tue, 2004-08-17 at 06:26, QM wrote: > On Tue, Aug 17, 2004 at 05:33:00AM -0700, Cott Lang wrote: > : One problem with that is you can still have the session hop servers > : since the Local Director can't match up cookie based mappings to SSL > : session mappings, since it can't read the cookies from SSL connections, > : and can't read non-existant SSL session IDs from non-SSL sessions. > > I may have dreamt this =) but I thought you could have the > LocalDirector/F5/whatever handle SSL for you, then send plaintext > traffic back to the Tomcat containers. (This is effectively what > people do when they put a web server in front of Tomcat using jk/jk2.)
You did not dream it. :) However, many load balancers do not support offloading SSL - I didn't think any Local Director models did, mine don't. I've fallen out of touch with load balancing hardware lately. I'm not sure what (if anything) is "affordable" out there that supports SSL offload anymore. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
