> What is the typical setup in the enterprise apps? Do they just SSL > terminate at the reverse proxy OR do they setup SSL at both apache and > tomcat? In the former case, obviously the link is insecure between apache > and tomcat. > The most common setup I've seen is to terminate the SSL connection at the apache level and let apache and tomcat communicate through AJP which you obviously consider insecure.
Can I ask you what you consider insecure about AJP by the way? John --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org