-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Larry,
Other than Mark's comments... Larry Prikockis wrote: | 1) Any thoughts on why the Apache SSL -> Tomcat combination should be so | much slower? If your transactions are short, it's certainly possible that most of the time is taken up by moving bits around. 400% seems like a /very/ high number, especially because the SSL handshake itself is probably the most expensive bit-moving experience. I second Mark's thoughts about either logging configuration or entropy games. Are you using APR with Tomcat, or the Java-based SSL? | 2) Are there any security downsides to using Tomcat SSL directly as | opposed to fronting it with Apache httpd? No. In fact, I would argue that fewer moving parts lowers the chances of problems. You're simply not going to run across any buffer overflows exploits in Tomcat, for instance. I trust Apache httpd pretty well, but more complexity always means more opportunities for problems. - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkgWF+sACgkQ9CaO5/Lv0PDGlgCguwIuFjVvg/4ZIDwP/59EsVUG 1mUAn0qA48kBzj+ZTG1TYfJgfo58oUwM =yLpu -----END PGP SIGNATURE----- --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]