Hi all,
I hope someone can give me an explanation or a solution for this problem: I
have an SSL reverse proxy in a production environment, based on apache 2.2.17
and modssl2.2.16 and openssl 0.9.8r and sslcache (shù).
Clients are authenticated by a client certificate; on the other hand, my server
is authenticated by its certificate chain, which has a size of 4250ko.
The problem is that when I restart apache gracefully, I lose the SSL
connection; clients see an error saying that the negotiation was interrupted
by the server.
I activated debug logs for SSL and I can see that when the error happens, I
have a message in apache at debug level, not error level: "Exit failed in
sslv3 read client certificate B", and with a tcp dump I can see that the
certificate verify message is empty. The SSL handshake begins correctly, but
in the certificate verify step the message contains zeros (0); I guess
the message is empty.
I forgot to say that I use graceful restart to load the CRL, and I won't use
a solution based on OCSP, which may be expensive.
I noticed after activating logs that I sometimes have errors with this
message: "Exit failed in sslv3 read client certificate A", and clients tell me
that they sometimes get a blank page due to this error.
Hope you can help me understand.
Regards,
jawed khelil
