On 03/11/2010 05:59 AM, Anders Rundgren wrote: > Hi, > I can't help it, but TLS client cert auth is really a very crappy system > when used in browsers. I was a little bit surprised once when I logged > on to the Swedish tax department, then did logout, and returned still > being logged in! > > Microsoft "solved" this years ago by offering a > document.execCommand('ClearAuthenticationCache') > non-standard extension. > > What non-standard quirky thing works in Firefox? The Microsoft thing is also non-standard. (and also not well documented -- which version of IE did it show up in?). You are right, we need a way to clear out the SSL cache. I know NSS provides a way to clear out the whole SSL cache. Ideally we should have a way to clear out just the 'current' SSL session without requiring new handshakes on connections with other servers.
Anyway if PSM does not expose a jave script method for accessing the clear cache command, I'm sure kai or myself would be happy to review a patch which does. bob > > Anders > >
-- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto