admin@glassfish.java.net

Re: Mysterious listener security

From: Kedar Mhaswade <Kedar.Mhaswade_at_Sun.COM>
Date: Wed, 25 Mar 2009 10:43:38 -0700

Right. In other words, if security-enabled=false on http-listener,
(the check-box for security is unchecked)
your entire ssl configuration is available in domain.xml, but
will be not in effect in the runtime. The HTTP traffic of such
a listener has no transport layer security whatsoever.

Valtteri Kokkoniemi wrote:
>> For such a listener the actual
>> *transport layer security* is provided by the enclosed element named
>> "ssl". Thus, this screen configures the following in (domain.xml):
>
> Just to make sure I understood, I'll try to rephrase. So the SSL tab
> specifies _how_ transport layer security is configured _if_ it is enabled
> and the security checkbox in the main tab specifies whether it is, and
> nothing else?
>