
Re: [iaik-jce] [iaik-ssl] How to prevent storage of SSL session information?



The fact that you do not need to specify your certificate each time does
not mean that authentication is not performed. This is a feature of the
SSL protocol and not a bug.

I cannot say anything about JigsawSSL allowing access to pages configured
to require some other certificate. Note that we stopped supporting
JigsawSSL half a year ago and that the project including source code was
put in the public domain.

One way to fix the problem would be to disable session caching on the
server, but that would mean that you would have to choose your client
certificate for every new TCP connection established, i.e. essentially
for each embedded image in an HTML page.

 Andreas Sterbenz              mailto:Andreas.Sterbenz@iaik.tu-graz.ac.at
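
The behaviour described in the reply above, as an added example that is not part of the original message and is not IAIK or JigsawSSL code: a simplified Python model of session-ID resumption, in which the class and function names and the subject `CN=constructed-user` are assumptions made for illustration. It shows that a resumed session still carries the identity verified in the full handshake, and that disabling the cache costs one certificate selection per TCP connection.

```python
import secrets

class Server:
    """Simplified model of an SSL server with mandatory client authentication."""
    def __init__(self, session_caching=True):
        self.session_caching = session_caching
        self.cache = {}  # session ID -> identity verified in the full handshake

    def handshake(self, offered_id, present_certificate):
        """Return (session_id, peer_identity, kind) for one new TCP connection."""
        if self.session_caching and offered_id in self.cache:
            # Abbreviated handshake: no certificate is requested again; the
            # peer identity is the one verified when the session was created.
            return offered_id, self.cache[offered_id], "resumed"
        # Full handshake: the client has to choose and present a certificate.
        identity = present_certificate()
        session_id = secrets.token_hex(16)
        if self.session_caching:
            self.cache[session_id] = identity
        return session_id, identity, "full"

class Browser:
    def __init__(self, subject):
        self.subject = subject
        self.session_id = None
        self.prompts = 0  # how often the user had to choose a certificate

    def _choose_certificate(self):
        self.prompts += 1
        return self.subject

    def fetch(self, server):
        """One request on a new TCP connection; returns (identity, kind)."""
        self.session_id, identity, kind = server.handshake(
            self.session_id, self._choose_certificate)
        return identity, kind

def load_page(server, embedded_images, subject="CN=constructed-user"):
    """Fetch one HTML page plus its images, each on its own connection."""
    browser = Browser(subject)
    results = [browser.fetch(server) for _ in range(1 + embedded_images)]
    return browser.prompts, results
```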


-----Original Message-----
From: Bharath Vutukuru <bvutukur@isse.gmu.edu>
To: <iaik-jce@iaik.tu-graz.ac.at>
Cc: IAIK SSL <iaik-ssl@iaik.tu-graz.ac.at>
Sent: Wednesday, 10 November 1999 06:02
Subject: [iaik-ssl] How to prevent storage of SSL session information?


> Hi,
>
> I've installed IAIK-JigsawSSL with mandatory client authentication. I
> observe that once I establish an SSL session, the state is being stored.
> That is, after I visit other websites, if I come back to my JigsawSSL web
> page, client authentication is not being asked and information from
> previous session is being used to continue the SSL connection.
> How do I prevent this?? How can I make the JigsawSSL server ask for
> client-authentication every time I access a secure webpage on it??
>
> Thanks in advance
> -bharath