Will Nordmeyer wrote:
I have a scenario right now I need help with.
My Tomcat is configured for SSL, client certificate authorization and
Certificate Revocation List checking (all outside certificates).
We have a scenario (we've found in testing) where we do a transaction
in our application, th
> From: Christopher Schultz [mailto:ch...@christopherschultz.net]
> Subject: Re: SSL Session Caching
> OP reports that a new SmartCard is being inserted and either the old
> session persists (and the new user is allowed to masquerade as the old
> user) or the new user is not au
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Steven,
On 2/13/13 3:01 PM, Adamus, Steven J. wrote:
> Nothing is going on. When the smartcard is removed, nothing goes
> across the wire, so how could Tomcat possibly invalidate the
> session?
!!?
OP reports that a new SmartCard is being inserte
@tomcat.apache.org]
On Behalf Of Mark Thomas
Sent: Wednesday, February 13, 2013 11:36 AM
To: Tomcat Users List
Subject: Re: SSL Session Caching
On 13/02/2013 18:49, Will Nordmeyer wrote:
> I have a scenario right now I need help with.
>
> My Tomcat is configured for SSL, client certificate authoriz
On 13/02/2013 18:49, Will Nordmeyer wrote:
> I have a scenario right now I need help with.
>
> My Tomcat is configured for SSL, client certificate authorization and
> Certificate Revocation List checking (all outside certificates).
>
> We have a scenario (we've found in testing) where we do a tra