"i_am" <techat...@yahoo.com> wrote in message news:23286972.p...@talk.nabble.com... > > Thanks Charles. > Ok getting back to it after a looong break... > > I looked at the ssl traces and looks like client is sending server an > Alert > (21) Warning (close notify) but, > server (tomcat) seems to ignore it! > Is there a way (config) to force tomcat to renegotiate ?
Nope. Tomcat relies on the underlying JVM implementation for secure sockets for the most part. > I even tried to invoke Tomcat action code ACTION_REQ_SSL_CERTIFICATE > which, > I thought should force renegotiation but still does not. As you have found out, this will only force renegotiation if the client cert is missing. Anyway, most browsers treat CLIENT-CERT like BASIC and just resend the credentials. > I still see the same behavior where Tomcat just uses cached certificate!!! > > Versions : Tomcat 5.5.27 with Java 1.6.0_11 on SLES10. > > Any help is appreciated... > > Thanks > > > > > Caldarale, Charles R wrote: >> >>> From: atul [mailto:techat...@yahoo.com] >>> Subject: Re: Force getting Client Cert from browser >>> >>> I tried invalidating httpsession but that didnt work. >> >> I'm a bit surprised at that, but I haven't gone through the code enough >> to >> figure out why that didn't work. There's a tangentially related thread >> here: >> http://marc.info/?l=tomcat-user&m=120092922008604&w=2 >> >>> Also, in a deployment where if a machine is shared by >>> multiple users and user1 forgets to close the browser before >>> leaving, the user can log right in as user1. >> >> A problem in any environment that has shared access points, not unique to >> using certificates for client authentication. >> >> - Chuck >> >> >> THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY >> MATERIAL and is thus for use only by the intended recipient. If you >> received this in error, please contact the sender and delete the e-mail >> and its attachments from all computers. 
>>
>> ---------------------------------------------------------------------
>> To start a new topic, e-mail: users@tomcat.apache.org
>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: users-h...@tomcat.apache.org
>
> --
> View this message in context:
> http://www.nabble.com/Force-getting-Client-Cert-from-browser-tp20155194p23286972.html
> Sent from the Tomcat - User mailing list archive at Nabble.com.