tomcat-users mailing list archives

From Mark Thomas <ma...@apache.org>
Subject Re: RFC 5746 compliant SSL renegotiation with client certificates
Date Tue, 26 Oct 2010 17:30:49 GMT
On 26/10/2010 18:28, Aron K. wrote:
> Hi,
> 
> Firefox is RFC 5746 compliant. (http://www.ssltls.de/)
> Tomcat 6.0.29 uses JRE 1.6.22, also RFC 5746 compliant.
> 
> Renegotiation should occur, as the browser initially doesn't send the
> client certificate, then the user is supposed to choose a client cert.
> and then the browser should renegotiate the connection using the client
> certificate. This is where I get:
> 
> WARNUNG: SSL server initiated renegotiation is disabled, closing connection
> 26.10.2010 18:35:10 org.apache.tomcat.util.net.jsse.JSSESupport handShake
> 
> I was wondering, if there was any way to avoid
> allowUnsafeLegacyRenegotiation="true" in the SSL 443 Connector. I only
> want to allow safe renegotiations! But I need this, as I cannot
> configure the browser to send the client certificate at the very first
> request.
> 
> Any thoughts on this?

Tomcat hasn't been updated to take advantage of the recently updated
JDK. You might be able to achieve what you are looking for with existing
code and the right set of options.

Mark
