It seems that during the normal SSL handshake the client certificate
will be sent to the server unencrypted.
My question: is there some way to make the browsers send the client
certificates encrypted?
It seems that this happens if there is
already an SSL session in place not requiring a client certificate
and the browser enters a directory where authentication with a client
certificate is needed. During the renegotiation the client certificate
is sent over an already encrypted channel.
Is this the way to do it with Apache+mod_ssl?
Thanks
-Dominik Seitz
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
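
The setup the question describes, as an added example that is not part of the original post or of the mod_ssl project's own material: `SSLVerifyClient none` at server level and `SSLVerifyClient require` inside a `<Directory>` block, so the certificate is only requested during the renegotiation. The hostname, paths and CA file are placeholders.

```apache
# Constructed example: hostname, paths and CA file are placeholders.
<VirtualHost *:443>
    ServerName www.example.com
    DocumentRoot "/var/www/html"

    SSLEngine on
    SSLCertificateFile    "/etc/ssl/example/server.crt"
    SSLCertificateKeyFile "/etc/ssl/example/server.key"

    # CA(s) whose client certificates are accepted.
    SSLCACertificateFile  "/etc/ssl/example/client-ca.crt"

    # Server level: no certificate is requested in the initial handshake,
    # so no client certificate is sent before encryption is established.
    SSLVerifyClient none

    # Per-directory: when a request maps here, mod_ssl forces a
    # renegotiation with the stricter verification level, and the client
    # certificate travels inside the already encrypted session.
    <Directory "/var/www/html/secure">
        SSLVerifyClient require
        SSLVerifyDepth  1
    </Directory>
</VirtualHost>
```

This ordering matters for SSLv3 through TLS 1.2; TLS 1.3 encrypts the client certificate in the initial handshake as well.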