2 Replies Latest reply on Jun 6, 2003 4:02 AM by fodder

    Secure apache to tomcat/jetty link.

    fodder

      I've made a channel for mod_jk2 which encrypts the ajp protocol between Apache and tomcat/jetty.

      If you've got an https site and your apache and tomcat/jetty are on different machines (for example for a load balanced situation). You might want to think carefully
      about the fact that the data between the two machines is not encrypted.
      ie anyone packet sniffing *will* get your credit card details.

      If anyone is interrested please post back.
      Ta
      David

        • 1. Re: Secure apache to tomcat/jetty link.
          jonlee

          Sounds interesting. Are there any underlying requirements for the encryption, is it symmetrical or assymetrical and what is the perfornance hit?

          • 2. Re: Secure apache to tomcat/jetty link.
            fodder

            As long as you have apache compiled with ssl (otherwise why ?) and jsse.jar & jcerts.jar - ie the usual stuff for doing SSL you have all the stuff !

            The performance hit is the same as if you were doing anything over an https connection. except that ajp13 is quite good at maintaining a connection between apache and tomcat. So the heavy part of th hand shake doesn't happen that often.