• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

SSL Connection Pool between HTTP server and Application server

 
Ranch Hand
Posts: 121
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I have a HTTP Server (OHS) and an Application Server (OAS) on two separate boxes.
The connection between them is AJP/SSL using mod_oc4j.
Should I create a SSL connection pool, just like we normally do for
the connections between application and database servers? And How?
 
Ranch Hand
Posts: 2308
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Is that anything like SSL connection for database ? Mean secure database connectivity for DB.
 
Glen Cai
Ranch Hand
Posts: 121
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
It is for the secure connection, which does following things as SSL:

Mutual authentication between OHS and OAS with digital certificates;
Communication session encryption between OHS and OAS;
 
Rahul Bhattacharjee
Ranch Hand
Posts: 2308
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Originally posted by Glen Cai:
Should I create a SSL connection pool, just like we normally do for
the connections between application and database servers?



Thanks for the explanation Glen , but I was asking about SSL for database connections as you have mentioned in your post.Is there anything like that ?
 
Bartender
Posts: 2661
19
Netbeans IDE C++ Linux
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
You can set up SSH Port Forwarding.

Here's a how-to for Oracle.
Regards, Jan
[ June 05, 2007: Message edited by: Jan Cumps ]
 
Glen Cai
Ranch Hand
Posts: 121
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Thanks Jan.

I think I have to use SSL because we have to leave the payload unencrypted.
SSL allows me to do the mutual server to server authentication with certs while leaving the payload unencrypted.

With SSH, the communication between the two servers is always encrypted.
 
Rancher
Posts: 43081
77
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
The point of a connection pool is to leave connections open, e.g. to a DB server. Since HTTP is a connection-less protocol (meaning connection are closed as soon the transmission is done), the concept of pools doesn't apply here. (Yes, there's such a thing as HTTP keep-alive, but it still closes connections after a short time).

Using HTTPS instead of HTTP doesn't change this.
[ June 09, 2007: Message edited by: Ulf Dittmer ]
 
Glen Cai
Ranch Hand
Posts: 121
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Originally posted by Ulf Dittmer:
The point of a connection pool is to leave connections open, e.g. to a DB server. Since HTTP is a connection-less protocol (meaning connection are closed as soon the transmission is done), the concept of pools doesn't apply here. (Yes, there's such a thing as HTTP keep-alive, but it still closes connections after a short time).

Using HTTPS instead of HTTP doesn't change this.



A new HTTP connection is fine as long as I can use the same SSL channels
over and over for many different HTTP connections.

HTTP connection is cheap, and SSL connection is expensive. It is why we want to pool SSL connection between HTTP server and App server.
 
Ulf Dittmer
Rancher
Posts: 43081
77
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
In that case, look into HTTP keep-alive, and make sure the parameters are so that the connections don't time out.

Alternatively, use plain HTTP and encrypt the data.

I'm curious: This is an intranet setting where the subnet between the web server and the app server is not trusted? Or is the web server public?
 
Glen Cai
Ranch Hand
Posts: 121
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
This is an intranet setting.
reply
    Bookmark Topic Watch Topic
  • New Topic