Thanks, that's kind of what I thought. I was curious if there were any large show-stopper type of issues that I wasn't aware of and there doesn't appear to be. I know certificate management will be a little awkward compared to what I'm used to, but I can deal with that. I will experiment with both alternatives and see what works best. It would be nice to only have to worry about one server, but there are more unknowns (risks) with the tomcat only method.
Lloyd > -----Original Message----- > From: Craig R. McClanahan [mailto:craigmcc@;apache.org] > Sent: Monday, November 11, 2002 6:27 PM > To: Tomcat Users List > Subject: Re: SSL in tomcat vs. apache > > > > > On Mon, 11 Nov 2002, Lloyd Meinholz wrote: > > > Date: Mon, 11 Nov 2002 15:33:16 -0500 > > From: Lloyd Meinholz <[EMAIL PROTECTED]> > > Reply-To: Tomcat Users List <[EMAIL PROTECTED]> > > To: [EMAIL PROTECTED] > > Subject: SSL in tomcat vs. apache > > > > Does anyone have any comparison facts or opinions on the > difference in > > running SSL in apache vs. SSL in tomcat (Java)? We're > running on Sun boxes > > and using JDK 1.4.1 if that matters (other than JSSE is built-in). > > > > Most of our sites are dynamic, but we are currently using a > web server for > > authentication and SSL encryption (the whole site, not just > part of it) and > > a few static pages. We are required to password protect and > encrypt the > > entire site. I am tempted to do away with our web server, > but am a little > > nervous about doing computationally intensive stuff with > Java and what the > > performance would be. > > > > I will have to use JNDI Realms to authenticate to our LDAP > server also, but > > I do quite a bit with JNDI already and am a bit more > comfortable with that > > issue. > > > > Thanks for any insight. > > > > In theory, doing the SSL decryption in the web server > (typically in highly > optimized C or C++ code) should run faster. The gap is > probably smaller > with recent JVMs (where the code that does this will get > JIT'd by HotSpot > fairly soon if it gets used a lot). (The same argument > applies to things > like HTTP header parsing in C versus Java, but the gaps are probably > smaller there.) > > In practice, the only way to know for sure is to try it both > ways and see > if there is a difference that matters in *your* environment. > > > Lloyd > > > > Craig > > > > -- > To unsubscribe, e-mail: > <mailto:tomcat-user-unsubscribe@;jakarta.apache.org> > For additional commands, e-mail: > <mailto:tomcat-user-help@;jakarta.apache.org> >
