Return-Path: Delivered-To: apmail-tomcat-users-archive@www.apache.org Received: (qmail 22326 invoked from network); 1 Apr 2009 13:22:34 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.3) by minotaur.apache.org with SMTP; 1 Apr 2009 13:22:34 -0000 Received: (qmail 88722 invoked by uid 500); 1 Apr 2009 13:22:29 -0000 Delivered-To: apmail-tomcat-users-archive@tomcat.apache.org Received: (qmail 88693 invoked by uid 500); 1 Apr 2009 13:22:29 -0000 Mailing-List: contact users-help@tomcat.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "Tomcat Users List" Delivered-To: mailing list users@tomcat.apache.org Received: (qmail 88644 invoked by uid 99); 1 Apr 2009 13:22:19 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 01 Apr 2009 13:22:19 +0000 X-ASF-Spam-Status: No, hits=1.2 required=10.0 tests=SPF_NEUTRAL X-Spam-Check-By: apache.org Received-SPF: neutral (nike.apache.org: local policy) Received: from [64.99.136.190] (HELO smtprelay-virgin.hostedemail.com) (64.99.136.190) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 01 Apr 2009 13:22:10 +0000 Received: from filter.hostedemail.com (ff-bigip1 [10.5.19.254]) by smtprelay05.hostedemail.com (Postfix) with SMTP id 8C59E62777A for ; Wed, 1 Apr 2009 13:21:49 +0000 (UTC) X-Spam-Summary: 2,0,0,020690922cb57c1d,eca4525d43bef93c,markt@apache.org,users@tomcat.apache.org,RULES_HIT:69:355:379:599:601:854:945:960:967:973:980:988:989:1187:1260:1277:1311:1313:1314:1345:1358:1359:1437:1515:1516:1518:1534:1541:1593:1594:1711:1730:1747:1766:1792:2194:2199:2393:2553:2559:2562:2828:2894:3027:3352:3865:3866:3867:3868:3869:3870:3871:3872:3873:3874:3876:3877:4250:5007:6114:6119:6120:6261:7576:7901:7903:7904:8501:9036:9040:9108:9545,0,RBL:none,CacheIP:none,Bayesian:0.5,0.5,0.5,Netcheck:none,DomainCache:0,MSF:not bulk,SPF:,MSBL:none,DNSBL:none Received: from host47.msm.che.vodafone (unknown [212.183.134.64]) (Authenticated sender: med.thomas) by omf11.hostedemail.com (Postfix) with ESMTP for ; Wed, 1 Apr 2009 13:21:48 +0000 (UTC) Message-ID: <49D36A6A.1050500@apache.org> Date: Wed, 01 Apr 2009 15:21:46 +0200 From: Mark Thomas User-Agent: Thunderbird 2.0.0.21 (Macintosh/20090302) MIME-Version: 1.0 To: Tomcat Users List Subject: Re: Renegotiate SSL connection in servlet References: <4FE60900-42E2-4CE7-8021-72A4CDE05DF4@co.sapo.pt> <49D21E30.7040408@christopherschultz.net> <49D22C95.5090809@christopherschultz.net> <0AAE5AB84B013E45A7B61CB66943C17215E6D0BFA6@USEA-EXCH7.na.uis.unisys.com> <49D2885E.3080609@apache.org> In-Reply-To: X-Enigmail-Version: 0.95.7 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit X-session-marker: 6D65642E74686F6D6173 X-Virus-Checked: Checked by ClamAV on apache.org Andr� Cruz wrote: > On Mar 31, 2009, at 22:17 , Mark Thomas wrote: > >> Caldarale, Charles R wrote: >>>> From: Christopher Schultz [mailto:chris@christopherschultz.net] >>>> Subject: Re: Renegotiate SSL connection in servlet >>>> >>>> Your only other option for Tomcat is to configure another >>>> which would require a different IP or port number, which makes it ... >>>> inconvenient at best. >>> >>> Using a different port may not work at all with many versions of IE, >>> which "know" that all HTTPS traffic is on 443 and ignore the port on >>> the URL. >>> >>> "Standards? What standards? We don't need no stinkin' standards!" >> >> What happens if you define multiple security constraints? ie >> >> 1. Requires SSL for whole app >> 2. Requires CLIENT-CERT auth for part of the app. > > Does not work. Client certificate is not requested. Hmm. That doesn't sound good. Can you create a bugzilla entry for that use case and I'll try and take a look as to why. Mark > > Andr� > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org > For additional commands, e-mail: users-help@tomcat.apache.org > --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org For additional commands, e-mail: users-help@tomcat.apache.org