Henrik Nordstrom wrote:
> On Thu, 17 Nov 2005, Seth Milder wrote:
>> I have a Java Applet that connects to a site requiring client side
>> certificates.
> Then it's a https site, and the applet connects via the proxy using the
> CONNECT method, right?

This is correct.

>> The site is running Apache 2.0.54 with a keepalive timeout of 15
>> minutes. As a result the applet prompts the user for a client side
>> certificate on its initial connection and does not prompt again unless
>> the user has been idle for more than 15 minutes. My problem is that
>> when we try this through our Squid proxy, the Applet prompts the user
>> on virtually every request, making for a very annoying user experience.
> Sounds like a broken applet to me.
> When using the CONNECT method there is a bidirectional tunnel opened
> between the client and the requested web site. The proxy does not modify
> the data flow in any manner or impose any additional policies on
> keep-alive timeouts etc.

Well, it is more than a broken applet. It is, I believe, a broken
implementation. I am starting to think that the Java plugin itself is to
blame. I recently wrote the simplest applet I could that would just
retrieve a URL and it exhibits the exact same behavior. I now think this
is not something wrong with Squid, but the Java plugin's
HttpsURLConnection implementation. If you've any more insights, they
would be appreciated.

Best,
Seth Milder

> Regards
> Henrik
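The CONNECT behaviour described in the thread can be reproduced on loopback. The sketch below is an added example, not code from the thread or from Squid: a minimal tunnelling proxy and an echo server standing in for the HTTPS site (all names and sample bytes are constructed). It shows that bytes pass through unmodified and that several exchanges share one origin connection for as long as the client keeps the tunnel open.

```python
import socket, threading
SAMPLE = [b"\x16\x03\x01 constructed bytes", b"GET / HTTP/1.1\r\n\r\n"]  # constructed input

def _pipe(src, dst):
    # Relay bytes one way until EOF or error; the payload is never parsed or altered.
    try:
        while (data := src.recv(4096)):
            dst.sendall(data)
    except OSError:
        pass

def _read_until(sock, marker):
    # Read from the socket until the marker has been seen (or the peer closes).
    buf = b""
    while marker not in buf and (chunk := sock.recv(4096)):
        buf += chunk
    return buf

def _origin(listener, conns):
    # Constructed stand-in for the web site: echoes bytes and records each TCP connection.
    while True:
        conn, _ = listener.accept()
        conns.append(conn)
        threading.Thread(target=_pipe, args=(conn, conn), daemon=True).start()

def _proxy(listener):
    # Minimal CONNECT handling: parse host:port once, answer 200, then only copy bytes.
    while True:
        client, _ = listener.accept()
        host, port = _read_until(client, b"\r\n\r\n").split()[1].decode().rsplit(":", 1)
        upstream = socket.create_connection((host, int(port)))
        client.sendall(b"HTTP/1.1 200 Connection established\r\n\r\n")
        for a, b in ((client, upstream), (upstream, client)):
            threading.Thread(target=_pipe, args=(a, b), daemon=True).start()

def tunnel_demo(messages=SAMPLE):
    """Return (proxy status, echoed replies, TCP connections seen by the origin)."""
    conns, ports = [], []
    for target, args in ((_origin, (conns,)), (_proxy, ())):
        lst = socket.create_server(("127.0.0.1", 0))
        threading.Thread(target=target, args=(lst, *args), daemon=True).start()
        ports.append(lst.getsockname()[1])
    with socket.create_connection(("127.0.0.1", ports[1]), timeout=5) as c:
        c.sendall(f"CONNECT 127.0.0.1:{ports[0]} HTTP/1.1\r\n\r\n".encode())
        status = _read_until(c, b"\r\n\r\n")
        replies = []
        for m in messages:  # several exchanges over the same tunnel
            c.sendall(m)
            replies.append(_read_until(c, m))
    return status, replies, len(conns)
```

If the origin-side connection count rises with every request, the client is opening a new tunnel each time, which forces a fresh TLS handshake and with it a new client certificate selection.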