Opened 14 years ago

Closed 13 years ago

Last modified 11 years ago

#72 closed defect (fixed)

https prompts for certificates way too often

Reported by: andersk Owned by:
Priority: normal Milestone:
Component: web Keywords:
Cc:

Description

With Firefox's new default of "ask every time" for client certificates, certificate-authenticated pages on scripts have been prompting for certificates multiple times on almost every page load. This does not seem to be a Firefox problem, since https://sipb-xen-dev.mit.edu/ doesn't exhibit it.

Change History (4)

comment:1 Changed 13 years ago by geofft

  • Milestone set to None

Well,

https://web.mit.edu/consult/www/certificate/test.html

and other web.mit.edu sites do exhibit this behavior. What do scripts and web do with httpd that xvm doesn't (or vice versa)?

comment:2 Changed 13 years ago by andersk

This looks possibly related? (I’m not sure since I don’t really understand SSL session caching, but it looks like it might be worth trying.)

http://thread.gmane.org/gmane.comp.apache.devel/39576 [PATCH] mod_ssl: improving session caching for SNI configurations

comment:3 Changed 13 years ago by mitchb

  • Resolution set to fixed
  • Status changed from new to closed

Lo and behold, it fixes the problem!

A new version of the patch in the above message, with a couple slight local revisions, was committed as r1348, and has been deployed. Where https://debathena.mit.edu:444/trac used to prompt me for my certificate five times, it only does so once now.

comment:4 Changed 11 years ago by ezyang

  • Milestone None deleted

Milestone None deleted

Note: See TracTickets for help on using tickets.