https://issues.apache.org/bugzilla/show_bug.cgi?id=54060
--- Comment #12 from Sean Owen <sro...@apache.org> --- Hello Konstantin, it's the JVM that seems to send a bad algorithm value. I've reproduced it in the following, at least: - Java 1.6.0_37 for Mac OS X - Java 1.7.0_10 for Mac OS X - OpenJDK 1.7.0_09 for Linux They send something like... Digest username="foo", realm="Myrrix", nonce="1359097999996:13ed87b1b78c157232d609a099bcdb6e", nc=00000001, uri="/ready", response="b6f80b049b4b39000da79c96442e0740", algorithm="MD5", opaque="3E8794E4CE80B19E5DF888D615FFBBA5", cnonce="DGKKOPAFPJKCKKBDLFECINONACKFJIFNDOGKGLIO", qop="auth" algorithm="MD5" is the culprit. (Indeed looks like this is just wrong in the latest OpenJDK 7 source, at least: http://grepcode.com/file/repository.grepcode.com/java/root/jdk/openjdk/7-b147/sun/net/www/protocol/http/DigestAuthentication.java?av=f#367 I will see about filing a bug.) If I modify the code such that the "algorithm" field is treated as "FIELD_TYPE_QUOTED_STRING" then it works, and other clients seem to still work (Safari, Chrome, curl at least). It would indeed be great to apply the same workaround, thanks! -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org