On Fri, Feb 19, 1999, [EMAIL PROTECTED] wrote:

> Full_Name: Jose Carlos Leite
> Version: 2.2.2
> OS: HP UX
> Submission from: d084pgen.sibs.pt (195.138.6.212)
> 
> I've installed the mod_ssl 2.2.2-1.3.4 in a HP/UX.
> 
> The apache web server is configured to require client certificates 
> to access.
> 
> The first time I access Apache with Netscape 4.08, I have to indicate
> only the first which client certificate I will use until timeout 
> expires.
> 
> Then, when I close the Netscape browser and start again, the Apache asks
> the client certificate always.

Sure, Apache asks for a new certificate whenever the client cannot resume the
SSL session by giving a still valid session id. And as it looks Netscape
reasonably doesn't cache SSL sessions over restart time.

> In the MSIE 4.x everything is working fine.

You mean MSIE caches the session ids over restarts. This means it has to write
them down to disk. And this can perhaps even be considered a security problem.

> Do you know what could be the problem? Am I doing something wrong in 
> the Apache configuration?

No, neither you, nor Apache nor Netscape does anything wrong.  It's the way it
should be: As long as the browser is running it can hold the established
session id in core. When it's restarted a new session has to be established and
when you require client authentication a new authentication has to be
performed. 

What's wrong is IMHO Microsoft...
                                       Ralf S. Engelschall
                                       [EMAIL PROTECTED]
                                       www.engelschall.com
______________________________________________________________________
Apache Interface to SSLeay (mod_ssl)   www.engelschall.com/sw/mod_ssl/
Official Support Mailing List               [EMAIL PROTECTED]
Automated List Manager                       [EMAIL PROTECTED]
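
The behaviour described in the reply above, as an added example that is not part of the original message and not mod_ssl code: a simplified Python model (no real TLS) of session-id resumption with required client authentication. The class names, the 300-second timeout and the `CN=constructed-user` identity are assumptions made for illustration.

```python
# Simplified model of SSL session-id resumption (assumed names, not real TLS).
import secrets

class Server:
    """Requires a client certificate on every full handshake."""
    def __init__(self, session_timeout):
        self.session_timeout = session_timeout  # seconds a cached session stays valid
        self.cache = {}                         # session id -> (identity, expiry time)
        self.cert_requests = 0                  # times the client had to present a cert

    def handshake(self, now, offered_id, present_cert):
        entry = self.cache.get(offered_id)
        if entry and now < entry[1]:
            return offered_id, "resumed"        # still-valid id: no certificate request
        self.cache.pop(offered_id, None)        # unknown or expired id is discarded
        self.cert_requests += 1
        identity = present_cert()               # full handshake: client authenticates again
        new_id = secrets.token_hex(16)
        self.cache[new_id] = (identity, now + self.session_timeout)
        return new_id, "full"

class Browser:
    def __init__(self, persist_sessions):
        self.persist_sessions = persist_sessions  # True models writing session ids to disk
        self.memory = None
        self.disk = None

    def connect(self, server, now):
        # "CN=constructed-user" is a constructed sample identity
        sid, kind = server.handshake(now, self.memory, lambda: "CN=constructed-user")
        self.memory = sid
        if self.persist_sessions:
            self.disk = sid
        return kind

    def restart(self):
        self.memory = self.disk  # in-core state is lost; only persisted ids survive

def scenario(persist_sessions, timeout=300):
    """Connect twice, restart the browser, connect, then connect after the timeout."""
    server, browser = Server(timeout), Browser(persist_sessions)
    kinds = [browser.connect(server, now=0), browser.connect(server, now=10)]
    browser.restart()
    kinds.append(browser.connect(server, now=20))
    kinds.append(browser.connect(server, now=20 + timeout + 1))
    return kinds, server.cert_requests
```

With `persist_sessions=False` the connection after the restart is a full handshake with a new certificate request; with `persist_sessions=True` it resumes, because the session id was kept on disk.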
