On Thu, 17 Nov 2005, Seth Milder wrote:

I have a Java Applet that connects to a site requiring client side certificates.

Then it's a https site, and the appliet connects via the proxy using the CONNECT method, right?

The site is running Apache 2.0.54 with a keepalive timeout of 15 minutes. As a result the applet prompts the user for a client side certificate on its inital connection and does not prompt again unless the user has been idle for more than 15 minutes. My problem is that when we try this through our Squid proxy, the Applet prompts the user on virtually every request, making for a very annoying user experience.

Sounds like a broken applet to me.

When using the CONNECT method there is a bidirectional tunnel opened between the client and the requested web site. The proxy does not modify the data flow in any manner or impose any additional policies on keep-alive timeouts etc.

Regards
Henrik

Reply via email to