tomcat-users mailing list archives

From "Aron K." <m...@ehome.hu>
Subject RFC 5746 compliant SSL renegotiation with client certificates
Date Tue, 26 Oct 2010 17:28:17 GMT
Hi,

Firefox is RFC 5746 compliant. (http://www.ssltls.de/)
Tomcat 6.0.29 uses JRE 1.6.22, also RFC 5746 compliant.

Renegotiation should occur, as the browser initially doesn't send the 
client certificate, then the user is supposed to choose a client cert. 
and then the browser should renegotiate the connection using the 
client certificate. This is where I get:

WARNUNG: SSL server initiated renegotiation is disabled, closing connection
26.10.2010 18:35:10 org.apache.tomcat.util.net.jsse.JSSESupport handShake

I was wondering if there was any way to avoid 
allowUnsafeLegacyRenegotiation="true" in the SSL 443 Connector. I only 
want to allow safe renegotiations! But I need this, as I cannot 
configure the browser to send the client certificate at the very first 
request.

Any thoughts on this?
Thanks in advance, brgs, Aron.
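
Added example, not part of the original message: a small audit that reads a Tomcat server.xml and reports, for each TLS connector, whether the allowUnsafeLegacyRenegotiation override from the post is switched on and whether the client certificate is requested in the initial handshake or only later through a renegotiation. The server.xml fragment is constructed, and SSLEnabled and clientAuth are Tomcat connector attributes that the post itself does not mention.

```python
import xml.etree.ElementTree as ET

# Constructed server.xml fragment (not from the original post): a plain HTTP
# connector, a TLS connector with the legacy override, and a TLS connector without it.
SAMPLE_SERVER_XML = """
<Server>
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1"/>
    <Connector port="443" SSLEnabled="true" scheme="https" secure="true"
               clientAuth="false" allowUnsafeLegacyRenegotiation="true"/>
    <Connector port="8443" SSLEnabled="true" scheme="https" secure="true"
               clientAuth="want"/>
  </Service>
</Server>
"""

def is_true(value):
    """Treat a missing attribute as false; compare case-insensitively."""
    return (value or "").strip().lower() == "true"

def audit_connectors(server_xml):
    """Return one finding dict per TLS-enabled <Connector> element."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if not is_true(conn.get("SSLEnabled")):
            continue  # non-TLS connector: renegotiation does not apply
        client_auth = (conn.get("clientAuth") or "false").strip().lower()
        findings.append({
            "port": conn.get("port"),
            # The override the post is trying to avoid.
            "legacy_renegotiation": is_true(
                conn.get("allowUnsafeLegacyRenegotiation")),
            # "true"/"want": certificate is requested in the first handshake.
            # "false": it is only requested for CLIENT-CERT protected
            # resources, which requires a server-initiated renegotiation.
            "cert_requested_at_handshake": client_auth in ("true", "want"),
        })
    return findings

def risky_ports(server_xml):
    """Ports of TLS connectors that permit unsafe legacy renegotiation."""
    return [f["port"] for f in audit_connectors(server_xml)
            if f["legacy_renegotiation"]]

if __name__ == "__main__":
    for finding in audit_connectors(SAMPLE_SERVER_XML):
        print(finding)
```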
