tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Thomas <ma...@apache.org>
Subject Re: Renegotiate SSL connection in servlet
Date Wed, 01 Apr 2009 13:21:46 GMT
André Cruz wrote:
> On Mar 31, 2009, at 22:17 , Mark Thomas wrote:
> 
>> Caldarale, Charles R wrote:
>>>> From: Christopher Schultz [mailto:chris@christopherschultz.net]
>>>> Subject: Re: Renegotiate SSL connection in servlet
>>>>
>>>> Your only other option for Tomcat is to configure another <Connector>
>>>> which would require a different IP or port number, which makes it ...
>>>> inconvenient at best.
>>>
>>> Using a different port may not work at all with many versions of IE,
>>> which "know" that all HTTPS traffic is on 443 and ignore the port on
>>> the URL.
>>>
>>> "Standards?  What standards?  We don't need no stinkin' standards!"
>>
>> What happens if you define multiple security constraints? ie
>>
>> 1. Requires SSL for whole app
>> 2. Requires CLIENT-CERT auth for part of the app.
> 
> Does not work. Client certificate is not requested.

Hmm. That doesn't sound good. Can you create a bugzilla entry for that use case
and I'll try and take a look as to why.

Mark

> 
> André
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message