httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ruediger Pluem <rpl...@apache.org>
Subject Re: TLS renegotiation disabling : mod_ssl and OpenSSL 0.9.8l
Date Wed, 18 Nov 2009 19:47:28 GMT


On 11/18/2009 08:32 PM, Jean-Marc Desperrier wrote:
> Stefan Fritsch wrote:
>> I cannot reproduce the problems. With an openssl that rejects all
>> renegotiations, both reconnections after ssl session timeout and
>> connections to a host with sslverifyclient optional work fine (with
>> openssl s_client).
> 
> I have now succeeded in reproducing at least partially the
> "SSLVerifyClient optional" problem, though what I'm testing in not
> exactly the same as you.
> 
> I'm testing that with a server where the vhost context has
> "SSLVerifyClient None" and a /authentication directory has
> "SSLVerifyClient optional", requests that alternate between these two
> directory will repeatedly require authentication even when you have
> already authenticated yourself inside the same SSL session.

Have you tried if this goes away when you set

OptRenegotiate for SSLOptions

http://httpd.apache.org/docs/2.2/en/mod/mod_ssl.html#ssloptions

?

Regards

RĂ¼diger


Mime
View raw message