DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://nagoya.apache.org/bugzilla/show_bug.cgi?id=20473>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=20473 ajp13 connection between apache and tomcat is not encrypted [EMAIL PROTECTED] changed: What |Removed |Added ---------------------------------------------------------------------------- Status|REOPENED |RESOLVED Resolution| |INVALID ------- Additional Comments From [EMAIL PROTECTED] 2003-06-04 12:16 ------- Using a ssh tunnel consume less resource SINCE you do crypto with native code on both side, whereas in you're solution, we're doing crypto on Apache (native) and Tomcat (java). In many configuration, Apache and Tomcat are on the same box, so the packet are local and when tomcats are remotes, which is the case for large deployment, the security SHOULD BE HANDLED for each configuration/requirement. I found a little crasy to see HTTP SSL requests, decryped by Apache, then reencrypted by Apache for Tomcat (in ajp13) and then redecrypted by Tomcat. Also you shoudn't use bugzilla for such reports. It's not an error but a missing feature so the request should be sent on tomcat-dev where developpers could respond to you. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
