https://bz.apache.org/bugzilla/show_bug.cgi?id=69802
Mark Thomas <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |INVALID Status|NEW |RESOLVED --- Comment #1 from Mark Thomas <[email protected]> --- Yes, there is something wrong. If the client doesn't present a certificate on initial connection the the connection will proceed without a client certificate. All will be fine until the client requires a URL with a security constraint that requires authentication. At that point a re-handshake (TLS 1.2) or PHA (TLS 1.3) is required. JSSE does not support PHA. CLIENT-CERT + TLS 1.3 only works if a certificate is required at initial connection. HTTP/2 is a different problem. HTTP/2 doesn't permit re-handshaking or PHA. Therefore HTTP/2 also only works with CLIENT-CERT if a certificate is required at initial connection. -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
