
Re: [iaik-ssl]cu|| Problem with different SSLClientContext



Hello,

yes, when a session is resumed, only an abbreviated handshake is performed
where the hello messages are followed by the change cipher spec and finished
messages.

If you do not want to resume a session you may have to invalidate it:

sslSocket.getSession().invalidate();

If you want to turn off session resuming at all you may set the session manager
to null:

sslContext.setSessionManager(null);

For selecting among several client certificates you may override
method SSLClientContext.getClientCredentials() to, for instance, supply
the list of matching certificates to the user from which (s)he may select
the one to be used (as alternative to using a new SSLClientContext).

Regards,
Dieter Bratko



-----Original Message-----
From: iaik-ssl-owner@iaik.at [mailto:iaik-ssl-owner@iaik.at] On Behalf Of
Krause Karin
Sent: Thursday, 12 September 2002 16:27
To: 'iaik-ssl@iaik.at'
Subject: [iaik-ssl]cu|| Problem with different SSLClientContext


Hello,
I ran into trouble when I try to make different HTTPS connections with
different client certificates (client authentication is required) in the
same process. The problem is that always the first added certificate is
taken; although I make a new SSLClientContext with a new certificate and
add this to my new connection, the first added certificate is taken for
client authentication.

I use ISASILK 3.0.

Here is my log output
New SSLClientContext for ABC1024E.p12
ssl_debug(1): Starting handshake...
ssl_debug(1): Sending v3 client_hello message, requesting version 3.1...
ssl_debug(1): Received v3 server_hello handshake message.
ssl_debug(1): Server selected SSL version 3.1.
ssl_debug(1): Server created new session 4B:40:C6:52:2D:C9:63:85...
ssl_debug(1): CipherSuite selected by server: SSL_RSA_WITH_3DES_EDE_CBC_SHA
ssl_debug(1): CompressionMethod selected by server: NULL
ssl_debug(1): Received certificate handshake message with server certificate.
ssl_debug(1): Server sent a 1024 bit RSA certificate, chain has 2 elements.
ssl_debug(1): Received certificate_request handshake message.
ssl_debug(1): Received server_hello_done handshake message.
ssl_debug(1): Sending certificate handshake message with RSA client certificate...
ssl_debug(1): Sending client_key_exchange handshake message (1024 bit)...
ssl_debug(1): Sending certificate_verify handshake message...
ssl_debug(1): Sending change_cipher_spec message...
ssl_debug(1): Sending finished message...
ssl_debug(1): Received change_cipher_spec message.
ssl_debug(1): Received finished message.
ssl_debug(1): Session added to session cache.
ssl_debug(1): Handshake completed.
.New SSLClientContext for C:/_MY_DATA/certs/IVPCert_dev.p12
ssl_debug(2): Starting handshake...
ssl_debug(2): Sending v3 client_hello message, requesting version 3.1...
ssl_debug(2): Trying to resume session 4B:40:C6:52:2D:C9:63:85...
ssl_debug(2): Received v3 server_hello handshake message.
ssl_debug(2): Server selected SSL version 3.1.
ssl_debug(2): Server also wants to resume a previous session.
ssl_debug(2): Continuing with CipherSuite: SSL_RSA_WITH_3DES_EDE_CBC_SHA
ssl_debug(2): Continuing with CompressionMethod: NULL
ssl_debug(2): Received change_cipher_spec message.
ssl_debug(2): Received finished message.
ssl_debug(2): Sending change_cipher_spec message...
ssl_debug(2): Sending finished message...
ssl_debug(2): Session added to session cache.
ssl_debug(2): Handshake completed.


Maybe it's because the previous session is reused. Can I force that a new
session is used?
Or how can I influence which client certificate is sent to the server?

Kindest Regards
Karin Krause
-------------------------------------------------------
Karin Krause
INS Group IT, e-platform Solution Center
Java Enterprise Technologies
Phone +41-52-261 2947, Fax +41-52-261 4640
mailto:karin.krause@winterthur.ch
-------------------------------------------------------
Winterthur Insurance
Paulstrasse 12, WTEE2
CH-8401 Winterthur
http://www.winterthur.com
-------------------------------------------------------

--
Mailinglist-archive at
http://jcewww.iaik.at/mailarchive/iaik-ssl/sslthreads.html

To unsubscribe send an email to listserv@iaik.at with the following content:
UNSUBSCRIBE iaik-ssl
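
The behaviour discussed in this thread can be checked from the debug output itself. The following Python code is an added example, not part of the original messages and not IAIK code: it parses ssl_debug lines in the format quoted above and reports which connections resumed a session and so rely on the client authentication of an earlier connection. The sample log is constructed from a subset of the quoted lines, and the function names are hypothetical.

```python
import re

# Constructed sample: a subset of the ssl_debug lines quoted in the message above.
SAMPLE_LOG = """\
New SSLClientContext for ABC1024E.p12
ssl_debug(1): Server created new session 4B:40:C6:52:2D:C9:63:85...
ssl_debug(1): Sending certificate handshake message with RSA client
certificate...
ssl_debug(1): Handshake completed.
ssl_debug(2): Trying to resume session 4B:40:C6:52:2D:C9:63:85...
ssl_debug(2): Server also wants to resume a previous session.
ssl_debug(2): Handshake completed.
"""

LINE = re.compile(r"^ssl_debug\((\d+)\): (.*)$")
SESSION = re.compile(r"session ((?:[0-9A-F]{2}:)*[0-9A-F]{2})")

def analyze(log):
    """Return {connection id: handshake facts} parsed from ssl_debug output."""
    conns = {}
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # application output or a wrapped continuation line
        msg = m.group(2)
        c = conns.setdefault(int(m.group(1)),
                             {"session": None, "resumed": False, "cert_sent": False})
        sid = SESSION.search(msg)
        if sid and ("created new session" in msg or "Trying to resume" in msg):
            c["session"] = sid.group(1)  # a later "created new" overrides a declined resume
        if "wants to resume a previous session" in msg:
            c["resumed"] = True
        if "Sending certificate handshake message" in msg:
            c["cert_sent"] = True
    return conns

def inherited_identity(conns):
    """Map each resumed connection to the earlier one whose client auth it reuses."""
    owner, reused = {}, {}
    for cid in sorted(conns):
        c = conns[cid]
        if c["resumed"] and c["session"] in owner:
            reused[cid] = owner[c["session"]]
        elif c["cert_sent"] and c["session"]:
            owner[c["session"]] = cid
    return reused

if __name__ == "__main__":
    print(inherited_identity(analyze(SAMPLE_LOG)))
```

A non-empty result means the listed connection never presented its own certificate, which is the case where invalidating the session or disabling the session manager, as described in the reply, forces a full handshake.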
