Securing web service on Tomcat on Raspberry Pi

Question

I am going to secure my web service, based on soap messages but I am thinking to go through rest, deployed on Tomcat 7 on Raspberry Pi 2 (Cpu 900 Mhz, 1Gb Ram).

I tried to set Https with Tomcat 7, it works but the communication with the web service is too much slow. Before I got an answer in around 1,4 seconds, using Https it's around 5,4 seconds. I need a responsive answer for my service and to secure it against sniffing.

What alternative technique can you suggest to me?

Thanks

Answer 1

You do not provide details about how you configured https with Tomcat (what would have been useful to give you a more precise answer). The difference in response time seems to be huge to be caused by SSL processing only, maybe something is not ok with your configuration.

Regardless how you configure https in Tomcat, you may try another approach. You could let tomcat work without https and provide security using a tool like stunnel . It tunnels the TCP connection you want (it can be your "normal" http connection) through an SSL tunnel. In this way you can use your raw Tomcat configuration and let other program take care of securing the communication channel.

You can install it with:

apt-get install stunnel4

and then in the configuration file in /etc/stunnel/stunnel.conf edit:

cert = /etc/ssl/certs/your_public_cert.crt
key = /etc/ssl/private/your_private_cert.pem

[https]
accept  = 8888 
connect = 127.0.0.1:8080

With this you will be able to access your tomcat through https on port 8888.