On 12/07/2019 19:07, Wilmoth, Jon wrote:
> Thanks for the very quick response! Out of curiosity is this ensured by some
> sort of caching in the Tomcat server after the TLS handshake? Or is it
> expected that the client would send the certificate with each post handshake
> request. I ask as
Thanks for the very quick response! Out of curiosity is this ensured by some
sort of caching in the Tomcat server after the TLS handshake? Or is it
expected that the client would send the certificate with each post handshake
request. I ask as I'm seeing intermittent requests that do not have
On 12/07/2019 08:22, Martynas Jusevičius wrote:
> In my experience with 8.x -- on all requests.
The above is correct for JSSE based TLS connections. It also applies to
most OpenSSL based connections.
There is one edge case that can cause problems. If:
- OpenSSL based TLS connections are used;
-
In my experience with 8.x -- on all requests.
On Fri, Jul 12, 2019 at 3:06 AM Wilmoth, Jon
wrote:
>
> I was hoping to get some clarification on when to expect client x509 certs in
> http requests where the Tomcat server (v9.x) has been configured to “want” or
> “need” client auth.
>
I was hoping to get some clarification on when to expect client x509 certs in
http requests where the Tomcat server (v9.x) has been configured to “want” or
“need” client auth.
https://javaee.github.io/servlet-spec/downloads/servlet-4.0/servlet-4_0_FINAL.pdf
says:
“If there is an SSL
