Re: [squid-users] Java Plugin With Client Cert Auth and Keepalive
Henrik Nordstrom wrote: On Thu, 17 Nov 2005, Seth Milder wrote: I have a Java Applet that connects to a site requiring client side certificates. Then it's a https site, and the appliet connects via the proxy using the CONNECT method, right? This is correct. The site is running Apache 2.0.54 with a keepalive timeout of 15 minutes. As a result the applet prompts the user for a client side certificate on its inital connection and does not prompt again unless the user has been idle for more than 15 minutes. My problem is that when we try this through our Squid proxy, the Applet prompts the user on virtually every request, making for a very annoying user experience. Sounds like a broken applet to me. When using the CONNECT method there is a bidirectional tunnel opened between the client and the requested web site. The proxy does not modify the data flow in any manner or impose any additional policies on keep-alive timeouts etc. Well, it is more than a broken applet. It is, I believe, a broken implementation. I am starting to think that the Java plugin itself is to blame. I recently wrote the simplest applet I could that would just retrieve a URL and it exhibits the exact same behavior. I now think this is not something wrong with Squid, but the Java plugin's HttpsURLConnection implementation. If you've any more insights, they would be appreciated. Best, Seth Milder Regards Henrik
Re: [squid-users] Java Plugin With Client Cert Auth and Keepalive
On Thu, 17 Nov 2005, Seth Milder wrote: I have a Java Applet that connects to a site requiring client side certificates. Then it's a https site, and the appliet connects via the proxy using the CONNECT method, right? The site is running Apache 2.0.54 with a keepalive timeout of 15 minutes. As a result the applet prompts the user for a client side certificate on its inital connection and does not prompt again unless the user has been idle for more than 15 minutes. My problem is that when we try this through our Squid proxy, the Applet prompts the user on virtually every request, making for a very annoying user experience. Sounds like a broken applet to me. When using the CONNECT method there is a bidirectional tunnel opened between the client and the requested web site. The proxy does not modify the data flow in any manner or impose any additional policies on keep-alive timeouts etc. Regards Henrik
[squid-users] Java Plugin With Client Cert Auth and Keepalive
Hi, I have a Java Applet that connects to a site requiring client side certificates. The site is running Apache 2.0.54 with a keepalive timeout of 15 minutes. As a result the applet prompts the user for a client side certificate on its inital connection and does not prompt again unless the user has been idle for more than 15 minutes. My problem is that when we try this through our Squid proxy, the Applet prompts the user on virtually every request, making for a very annoying user experience. We have played with both Squid 2.4 and 3.0 and tweaked serveral promising-sounding parameters with no success. Is there something I am missing? I can mail any logs or config files as needed. One clue is that it does seem to work for requests spaced at about 2 seconds or so apart, but not more. Thanks for any insights as to what might be happening here. Best, Seth