Re: [squid-users] Java Plugin With Client Cert Auth and Keepalive

From: Seth Milder <lists@dont-contact.us>
Date: Mon, 21 Nov 2005 13:57:07 -0500

Henrik Nordstrom wrote:
> On Thu, 17 Nov 2005, Seth Milder wrote:
>
>> I have a Java Applet that connects to a site requiring client side
>> certificates.
>
>
> Then it's a https site, and the applet connects via the proxy using the
> CONNECT method, right?

This is correct.

>
>> The site is running Apache 2.0.54 with a keepalive timeout of 15
>> minutes. As a result the applet prompts the user for a client side
>> certificate on its initial connection and does not prompt again unless
>> the user has been idle for more than 15 minutes. My problem is that
>> when we try this through our Squid proxy, the Applet prompts the user
>> on virtually every request, making for a very annoying user experience.
>
>
> Sounds like a broken applet to me.
>
> When using the CONNECT method there is a bidirectional tunnel opened
> between the client and the requested web site. The proxy does not modify
> the data flow in any manner or impose any additional policies on
> keep-alive timeouts etc.

Well, it is more than a broken applet. It is, I believe, a broken
implementation. I am starting to think that the Java plugin itself is to
blame. I recently wrote the simplest applet I could that would just
retrieve a URL and it exhibits the exact same behavior. I now think this
is not something wrong with Squid, but the Java plugin's
HttpsURLConnection implementation. If you've any more insights, they
would be appreciated.

Best,

Seth Milder

>
> Regards
> Henrik
Received on Mon Nov 21 2005 - 11:57:16 MST
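
Added example, not part of the original messages: since the proxy only relays bytes inside a CONNECT tunnel, one way to check from the Squid side whether a client keeps its tunnel open or reopens one per request is to summarize CONNECT entries in the native-format access.log, where the second field is the tunnel's lifetime in milliseconds. The log lines, addresses, host name and thresholds below are constructed assumptions for illustration.

```python
from collections import defaultdict
from statistics import median

# Constructed sample in Squid's native access.log format:
# time elapsed_ms client code/status bytes method URL ident hierarchy/peer type
SAMPLE_LOG = """\
1132599401.120    812 10.0.0.5 TCP_MISS/200 6120 CONNECT secure.example.com:443 - DIRECT/192.0.2.10 -
1132599403.455    640 10.0.0.5 TCP_MISS/200 5988 CONNECT secure.example.com:443 - DIRECT/192.0.2.10 -
1132599406.902    705 10.0.0.5 TCP_MISS/200 6034 CONNECT secure.example.com:443 - DIRECT/192.0.2.10 -
1132599410.331    590 10.0.0.5 TCP_MISS/200 5871 CONNECT secure.example.com:443 - DIRECT/192.0.2.10 -
1132599500.100     35 10.0.0.9 TCP_HIT/200 1024 GET http://www.example.com/ - NONE/- text/html
1132600350.008 612345 10.0.0.9 TCP_MISS/200 48211 CONNECT secure.example.com:443 - DIRECT/192.0.2.10 -
"""

def summarize_tunnels(log_text):
    """Group CONNECT entries by (client, destination): tunnel count and median lifetime in ms."""
    lifetimes = defaultdict(list)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 7 or fields[5] != "CONNECT":
            continue  # not a tunnel entry, or too short to parse
        try:
            elapsed_ms = int(fields[1])
        except ValueError:
            continue  # skip malformed lines
        lifetimes[(fields[2], fields[6])].append(elapsed_ms)
    return {key: {"tunnels": len(v), "median_ms": median(v)}
            for key, v in lifetimes.items()}

def reconnecting_clients(summary, min_tunnels=3, short_ms=5000):
    """Pairs with several tunnels whose median lifetime is under short_ms (assumed thresholds)."""
    return sorted(key for key, s in summary.items()
                  if s["tunnels"] >= min_tunnels and s["median_ms"] < short_ms)

if __name__ == "__main__":
    summary = summarize_tunnels(SAMPLE_LOG)
    for key, stats in sorted(summary.items()):
        print(key, stats)
    print("reconnecting:", reconnecting_clients(summary))
```

Many short-lived tunnels from one client to the same host indicate that the client is closing and reopening connections; a single long-lived tunnel indicates the connection is being kept alive end to end.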
