I have Apache and Tomcat running together under SSL. I now want to create a
page which only run under SSL. I want http and https to share the same
documents however. My first idea is to simply have a tag handler, which
detects the protocol, and if not SSL is simply redirects to a page explaning
why they cannot view the requested document.
By problem is that I'm not sure on the correct way to retrieve what type of
protocol is being used. There is a getAuthType method in HttpServletRequest,
but the return type is simply a string (e.g. "BASIC" or "SSL"). My concern
is that this return could vary from browser to browser. Can I assume that if
using SSL the return will always be the string "SSL"? Also, how can I detect
which level of encryption is being used? Ideally, I'd like to restrict users
to connecting using 128bit only, or at least issue a warning when its at
40bit.
Thanks in advance,
Sam
