Pretty much. See: http://jakarta.apache.org/tomcat/tomcat-3.3-doc/AJPv13.html
"Adding support for SSL, so that isSecure() and geScheme() will function correctly within the servlet container. The client certificates and cipher suite will be available to servlets as request attributes." Regards, Michael ----- Original Message ----- From: "Jason Koeninger" <[EMAIL PROTECTED]> To: "Tomcat Users List" <[EMAIL PROTECTED]> Sent: Tuesday, August 27, 2002 2:20 PM Subject: RE: one last plea for help > I may be wrong, but isn't the only difference between ajp13 and ajp12 > with respect to SSL that the ServletRequest.isSecure method works > correctly? > > Regards, > > Jason Koeninger > J&J Computer Consulting > http://www.jjcc.com > > On Tue, 27 Aug 2002 14:11:55 -0400, Turner, John wrote: > > > > >As far as I know, based on a discussion last week on this topic, > >communications between apache and tomcat via AJP13 are unencrypted whether > >you have tomcat enabled for SSL or not. > > > >You are correct that mod_ssl is used for SSL on apache. That is all you > >need to encrypt a session between a browser and a webserver. The connector > >(which uses the AJP13 protocol) does not use SSL. The request is decrypted > >by apache, then sent over the connector to tomcat. Tomcat processes the > >request, and sends the result back over the connector to apache. Apache > >encrypts the response, and sends it back to the browser. > > > >So, to setup SSL on apache, use mod_ssl. (http://www.modssl.org) Using > >mod_ssl will have no effect on the connection between apache and tomcat > >using the AJP13 connector. > > > >John Turner > >[EMAIL PROTECTED] > > > >> -----Original Message----- > >> From: Peter Choe [mailto:[EMAIL PROTECTED]] > >> Sent: Tuesday, August 27, 2002 2:06 PM > >> To: Tomcat Users List > >> Subject: RE: one last plea for help > >> > >> > >> what do you mean? i want to use mod_ssl on apache to encrypt > >> connection > >> between the server and the browser. i > >> have read that you need ajp13 connector to use ssl. > >> > >> Peter Choe > >> > >> At 01:44 PM 8/27/2002, you wrote: > >> > >> >The connection between apache and tomcat is not encrypted. > >> There's more > >> >detail on this in the archives, there was a discussion on it > >> last week. > >> > > >> >John Turner > >> >[EMAIL PROTECTED] > >> > > > > >-- > >To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> > >For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> > > > > > > > -- > To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> > For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
