[openssl-users] Firefox problems with two way SSL auth

David Balažic xerces9+osl at gmail.com
Tue Feb 23 15:27:26 UTC 2016


Apparently it is OpenSSL bug/ticket number 2288.
Hopefully fixed sometime...

Regards,
David

On 12 February 2016 at 18:09, David Balažic <xerces9+osl at gmail.com> wrote:
> Hi!
>
> Tomcat released version 8.0.32 which bundles OpenSSL 1.0.2e (see below)
> The issue remains (with the change that now IE can not connect at all,
> it complains about some TLS stuff, did not look into it).
>
> Any hints how to tackle this problem are welcome.
>
> Version details (from tomcat startup log):
> Loaded APR based Apache Tomcat Native library 1.2.4 using APR version 1.5.1.
> OpenSSL successfully initialized (OpenSSL 1.0.2e 3 Dec 2015)
>
> Regards,
> David
>
>
> On 8 January 2016 at 17:02, David Balažic <xerces9+osl at gmail.com> wrote:
>> Hi!
>>
>> I encounter this issue when using Firefox to access tomcat (that is
>> using openssl) with client cert authentication.
>>
>> After a certain timeout, the web application does not "see" the
>> clients certificate in requests.
>>
>> The problem happens on different operating systems (Windows, Linux)
>> and browsers.
>>
>> I reported it to tomcat and Firefox, with not much response.
>>
>> There is a simple test case in comment 1 of the tomcat bug (see below).
>>
>> Could someone assist in finding the cause of the problem?
>> I also have pcap traces (somewhere) of working and non working network traffic.
>>
>>
>> Latest tested configuration:
>> tomcat 8.0.30, using OpenSSL 1.0.1m 19 Mar 2015
>> Firefox 43.0.4
>> OS: Windows 7 Pro SP1 64bit
>>
>> The tomcat bug with many details:
>>
>> https://bz.apache.org/bugzilla/show_bug.cgi?id=58244
>>
>> Firefox bug report (not many details):
>> https://bugzilla.mozilla.org/show_bug.cgi?id=1231406
>>
>> Regards,
>> David Balažic

