On Apr 1, 2009, at 14:21 , Mark Thomas wrote:
André Cruz wrote:
On Mar 31, 2009, at 22:17 , Mark Thomas wrote:
Caldarale, Charles R wrote:
From: Christopher Schultz [mailto:ch...@christopherschultz.net]
Subject: Re: Renegotiate SSL connection in servlet
Your only other option for Tomcat is to configure another
<Connector>
which would require a different IP or port number, which makes
it ...
inconvenient at best.
Using a different port may not work at all with many versions of
IE,
which "know" that all HTTPS traffic is on 443 and ignore the port
on
the URL.
"Standards? What standards? We don't need no stinkin' standards!"
What happens if you define multiple security constraints? ie
1. Requires SSL for whole app
2. Requires CLIENT-CERT auth for part of the app.
Does not work. Client certificate is not requested.
Hmm. That doesn't sound good. Can you create a bugzilla entry for
that use case
and I'll try and take a look as to why.
Will do. Thanks.
André
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
