Christopher Schultz wrote:

Larry,

Other than Mark's comments...

Larry Prikockis wrote:
| 1) Any thoughts on why the Apache SSL -> Tomcat combination should be so
| much slower?

If your transactions are short, it's certainly possible that most of the
time is taken up by moving bits around. 400% seems like a /very/ high
number, especially because the SSL handshake itself is probably the most
expensive bit-moving experience. I second Mark's thoughts about either
logging configuration or entropy games. Are you using APR with Tomcat,
or the Java-based SSL?

Since Tomcat is running on Windows and APR is the default config, that's what we used.

| 2) Are there any security downsides to using Tomcat SSL directly as
| opposed to fronting it with Apache httpd?

No. In fact, I would argue that fewer moving parts lowers the chances of
problems. You're simply not going to run across any buffer overflow
exploits in Tomcat, for instance. I trust Apache httpd pretty well, but
more complexity always means more opportunities for problems.


Makes sense... thanks... sounds like the biggest downside is the loss of some of the flexibility and load-balancing options that the Httpd/Tomcat combo provides.
