> ----- Mensagem original -----
> De: [EMAIL PROTECTED] [SMTP:[EMAIL PROTECTED]]
> Enviada em: Friday, February 19, 1999 10:48 AM
> Para: [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED]
> Assunto: Re: [BugDB] Personal Certificate Cache Problems (PR#107)
>
> On Fri, Feb 19, 1999, [EMAIL PROTECTED] wrote:
>
> > Full_Name: Jose Carlos Leite
> > Version: 2.2.2
> > OS: HP UX
> > Submission from: d084pgen.sibs.pt (195.138.6.212)
> >
> > I've instaled the mod_ssl 2.2.2-1.3.4 in a HP/UX.
> >
> > The apache web server is configured to require client certificates
> > to access.
> >
> > The first time i access apache with Netscape 4.08, i have to indicate
> > only the first which client certificate i will use until timeout
> > expires.
> >
> > Then, when i close the netscape browser and start again, the apache asks
> > the client certificate always.
>
> Sure, Apache asks for a new certificate whenever the client cannot resume the
> SSL session by giving a still valid session id. And as it looks Netscape
> reasonably doesn't cache SSL sessions over restart time.
I don�t explain well. After the second restart, the Netscape couldn�t cache SSL
sessions in the same session.
>
> > In the MSIE 4.x everything is working fine.
>
> You mean MSIE caches the session ids over restarts. This means it has to write
> them down to disk. And this can perhaps even considered as a security problem.
MSIE doesn�t cache the session ids over restarts. I mean that it caches sessions ids
in the same session.
>
> > Do you know what could be the problem ?? I'm i doing something wrong in
> > the apache configuration ?
>
> No, neither you, nor Apache nor Netscape does anything wrong. It's the way it
> should be: As long as the browser is running it can hold the established
> session id in core. When it's restarted a new session has to established and
> when you require client authentication a new authentication has to be
> performed.
>
> What's wrong is IMHO Microsoft...
> Ralf S. Engelschall
> [EMAIL PROTECTED]
> www.engelschall.com
I'm asking you again, what i'm doing wrong ?
Jos� Catlos Leite
> ______________________________________________________________________
> Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/
> Official Support Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
>
> ______________________________________________________________________
> Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/
> Official Support Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
>
______________________________________________________________________
Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/
Official Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
