I may be wrong, but isn't the only difference between ajp13 and ajp12 with respect to SSL that the ServletRequest.isSecure method works correctly?
Regards, Jason Koeninger J&J Computer Consulting http://www.jjcc.com On Tue, 27 Aug 2002 14:11:55 -0400, Turner, John wrote: > >As far as I know, based on a discussion last week on this topic, >communications between apache and tomcat via AJP13 are unencrypted whether >you have tomcat enabled for SSL or not. > >You are correct that mod_ssl is used for SSL on apache. That is all you >need to encrypt a session between a browser and a webserver. The connector >(which uses the AJP13 protocol) does not use SSL. The request is decrypted >by apache, then sent over the connector to tomcat. Tomcat processes the >request, and sends the result back over the connector to apache. Apache >encrypts the response, and sends it back to the browser. > >So, to setup SSL on apache, use mod_ssl. (http://www.modssl.org) Using >mod_ssl will have no effect on the connection between apache and tomcat >using the AJP13 connector. > >John Turner >[EMAIL PROTECTED] > >> -----Original Message----- >> From: Peter Choe [mailto:[EMAIL PROTECTED]] >> Sent: Tuesday, August 27, 2002 2:06 PM >> To: Tomcat Users List >> Subject: RE: one last plea for help >> >> >> what do you mean? i want to use mod_ssl on apache to encrypt >> connection >> between the server and the browser. i >> have read that you need ajp13 connector to use ssl. >> >> Peter Choe >> >> At 01:44 PM 8/27/2002, you wrote: >> >> >The connection between apache and tomcat is not encrypted. >> There's more >> >detail on this in the archives, there was a discussion on it >> last week. >> > >> >John Turner >> >[EMAIL PROTECTED] >> > > >-- >To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> >For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> > -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
