> From: atul [mailto:[EMAIL PROTECTED] > Subject: Force getting Client Cert from browser > > Tomcat never initiates ssl renegotiation - probably because > it hangs onto sslsocket and sslsession object for performance.
No - it's because the *browser* uses the same sessionid and connection. Nothing Tomcat can do about that. > Is there anyway we can effect tomcat to forcefully > renegotiate ssl for client cert ? Invalidate the session after every request - but only if you really want to annoy your users. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
