"Rossen Raykov" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > Hi All, > > Is there anybody interested in encrypting the AJP communication channel? > Is anything like that planned for the next release? >
It's on the wishlist for AJP/1.4 (as well as compression). However there hasn't been much developer traction on AJP/1.4 for years. The general consence on [EMAIL PROTECTED] has been to not add it to an AJP/1.3 release, so the answer to your second question is likely: no. The answer to your first question (based on this list) is likely: yes. AJP is designed to work over high-speed, secure, internal networks. In this type of environment, if a black-hat can manage to sniff AJP traffic, you have much bigger problems on your hands ;). However, if you want to submit patches to add encryption, I'm sure that you will find tomcat developers that are interested in reviewing them. As Markus said, there are plenty of ways to encrypt AJP traffic today. Just judging from this list, SSH tunnelling is popular, as well as Markus' suggestion of OpenVPN. > Rossen > > --------------------------------------------------------------------- > To start a new topic, e-mail: users@tomcat.apache.org > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
