tech-security archive
Re: TLS renegotiation
Thor Lancelot Simon <tls%panix.com@localhost> wrote:
> > Another problem is how to work around the workaround. As I understand,
> > client certificate authentication requires renegotiation if it is not
> > enabled server-wide: in that situation, the SSL handshake occurs, then
> > the client requests a resource requiring client certificate, and the
> > server starts a renegotiation so that the client can send its
> > certificate.
>
> This is, to say the least, a particularly obnoxious abuse of SSL's
> renegotiation "feature". It also simply won't work with a surprisingly
> large number of clients, because many small SSL/TLS implementations never
> implemented renegotiation at all.
It used to work with Firefox; I would like to get client cert
authentication working again. Even without renegotiation, since, as I
understood, it is how it should work if client cert is requested
<VirtualHost>-wide.
--
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu%netbsd.org@localhost
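
The two placements discussed in this thread, sketched as Apache mod_ssl configuration. This is an added example, not part of the original messages; Apache is assumed from the <VirtualHost> reference, and the host names and file paths are placeholders.

```apache
# Variant A: client certificate requested <VirtualHost>-wide.
# The server asks for the certificate during the initial handshake,
# so no renegotiation is needed.
<VirtualHost *:443>
    ServerName a.example.org
    SSLEngine on
    SSLCertificateFile    /path/to/server.crt
    SSLCertificateKeyFile /path/to/server.key
    # CA that issued the client certificates
    SSLCACertificateFile  /path/to/client-ca.crt
    SSLVerifyClient require
    SSLVerifyDepth  1
</VirtualHost>

# Variant B: client certificate requested for one location only.
# The initial handshake completes without a certificate request; once
# the request for /private has been read, mod_ssl renegotiates with the
# stricter verification level. This step fails when renegotiation is
# disabled or the client never implemented it.
<VirtualHost *:443>
    ServerName b.example.org
    SSLEngine on
    SSLCertificateFile    /path/to/server.crt
    SSLCertificateKeyFile /path/to/server.key
    SSLCACertificateFile  /path/to/client-ca.crt
    SSLVerifyClient none
    <Location "/private">
        SSLVerifyClient require
        SSLVerifyDepth  1
    </Location>
</VirtualHost>
```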