I'm configuring SSL to support HTTPS on TOMCAT 5.5, so I referred to http://tomcat.apache.org/tomcat-5.5-doc/ssl-howto.html, which elaborates on how to implement SSL.
This document describes two ways to implement SSL, namely the APR implementation and the JSSE implementation. I wonder what the difference between them is, including their shortcomings and advantages.
JSSE implementation that uses OpenSSL. APR implementation, which uses the OpenSSL engine by default.
The keys Tomcat will use for SSL transactions are stored in a password-protected file called, creatively, the "keystore." The first step to enabling SSL on your server is to create and edit this file.
In the connector configuration above, keystoreFile is the full path to your keystore file, keystorePass is the password you used to create your keystore, and keyAlias is the same alias name (e.g., "server") that you used to generate your CSR. Save your changes to the server.xml file. Restart the Tomcat service.
The difference is that the JDK is using its own SSL implementation, while the APR is using what's installed on the computer, i.e. OpenSSL in most cases.
If you have low to medium traffic for https, the Java solution is just fine, but for very heavy loading (e.g. when most pages run on https), the OpenSSL native solution is much better, and it can be recompiled and optimized, so it will run even faster and consume fewer resources. The main disadvantage of APR+OpenSSL, however, is that it requires more configuration and tuning + testing, while the Java version simply works out of the box.
What I usually do is to always use the default Java SSL solution together with monitoring tools, and if the traffic turns heavy, then, and only then, spend the effort to tune the APR solution.
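The two implementations are configured with different Connector attributes, so a server.xml can be checked for which one each HTTPS connector is set up for. The script below is an added example, not code from the page or from Tomcat: `audit_connectors` and the sample XML are constructed for illustration, and it assumes the APR connector takes its certificate from `SSLCertificateFile`/`SSLCertificateKeyFile` and that Tomcat's default keystore password is `changeit`.

```python
import xml.etree.ElementTree as ET

# Constructed sample server.xml fragment (not from the page): one HTTPS
# connector per implementation. Paths, ports and passwords are made up.
SAMPLE_SERVER_XML = """
<Service name="Catalina">
  <Connector port="8080" />
  <Connector port="8443" scheme="https" secure="true"
             keystoreFile="/opt/tomcat/conf/server.jks"
             keystorePass="changeit" keyAlias="server" />
  <Connector port="9443" scheme="https" secure="true"
             SSLCertificateFile="/opt/tomcat/conf/server.crt"
             SSLCertificateKeyFile="/opt/tomcat/conf/server.key" />
</Service>
"""

# JSSE reads key material from a Java keystore; APR/OpenSSL reads PEM files.
JSSE_ATTRS = {"keystoreFile", "keystorePass", "keyAlias"}
APR_ATTRS = {"SSLCertificateFile", "SSLCertificateKeyFile"}  # assumed names
DEFAULT_KEYSTORE_PASS = "changeit"  # assumed Tomcat default


def audit_connectors(server_xml):
    """Return one finding per HTTPS connector: port, implementation, warnings."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        attrs = conn.attrib
        if attrs.get("scheme") != "https":
            continue  # plain HTTP connector, nothing to classify
        has_jsse = bool(JSSE_ATTRS.intersection(attrs))
        has_apr = bool(APR_ATTRS.intersection(attrs))
        warnings = []
        if has_jsse and has_apr:
            impl = "mixed"
            warnings.append("attributes of both implementations are set")
        elif has_apr:
            impl = "APR"
        elif has_jsse:
            impl = "JSSE"
        else:
            impl = "unknown"  # no key material attributes on the connector
        # A missing keystorePass falls back to the default password as well.
        if has_jsse and attrs.get("keystorePass", DEFAULT_KEYSTORE_PASS) == DEFAULT_KEYSTORE_PASS:
            warnings.append("keystore is protected by the default password")
        findings.append({"port": attrs.get("port"), "impl": impl, "warnings": warnings})
    return findings


if __name__ == "__main__":
    for finding in audit_connectors(SAMPLE_SERVER_XML):
        print(finding)
```
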