[jboss-jira] [JBoss JIRA] (WFLY-7662) CLIENT-CERT authentication doesn't work
Stuart Douglas (JIRA)
issues at jboss.org
Thu Dec 1 00:23:01 EST 2016
[ https://issues.jboss.org/browse/WFLY-7662?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Stuart Douglas resolved WFLY-7662.
----------------------------------
Resolution: Rejected
There is nothing we can do about this. The HTTP/2 spec says:

    9.2.1. TLS 1.2 Features

    A deployment of HTTP/2 over TLS 1.2 MUST disable renegotiation. An
    endpoint MUST treat a TLS renegotiation as a connection error
    (Section 5.4.1) of type PROTOCOL_ERROR.

and

    This effectively prevents the use of renegotiation in response to a
    request for a specific protected resource. A future specification
    might provide a way to support this use case. Alternatively, a
    server might use an error (Section 5.4) of type HTTP_1_1_REQUIRED to
    request the client use a protocol that supports renegotiation.

However, it looks like the HTTP_1_1_REQUIRED response is not honored by Firefox or Chrome.
> CLIENT-CERT authentication doesn't work
> ---------------------------------------
>
> Key: WFLY-7662
> URL: https://issues.jboss.org/browse/WFLY-7662
> Project: WildFly
> Issue Type: Bug
> Components: Web (Undertow)
> Affects Versions: 10.1.0.Final
> Environment: Java 1.8.0_112
> Reporter: Rostyslav Smirnov
> Assignee: Stuart Douglas
>
> When accessing a web application secured by CLIENT-CERT authentication, a browser no longer presents certificate dialog prompt, always displays response 403 Forbidden instead.
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
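
Added example, not part of the original message and not WildFly or Undertow code: a sketch of the two protocol-level responses the quoted spec text leaves an HTTP/2 server, encoded as the frames that would go on the wire. The function names and the decision logic are hypothetical; the frame layout and error codes are those of RFC 7540.

```python
import struct

# Error codes (RFC 7540 section 7)
PROTOCOL_ERROR = 0x1
HTTP_1_1_REQUIRED = 0xD
# Frame types (RFC 7540 section 6)
RST_STREAM = 0x3
GOAWAY = 0x7


def frame(ftype, stream_id, payload):
    """9-byte frame header (24-bit length, type, flags, stream id) + payload."""
    header = struct.pack(">I", len(payload))[1:] + bytes([ftype, 0])
    return header + struct.pack(">I", stream_id & 0x7FFFFFFF) + payload


def rst_stream(stream_id, error_code):
    """Stream error: cancels one request, the connection stays up."""
    return frame(RST_STREAM, stream_id, struct.pack(">I", error_code))


def goaway(last_stream_id, error_code):
    """Connection error: sent on stream 0 before the connection is closed."""
    payload = struct.pack(">II", last_stream_id & 0x7FFFFFFF, error_code)
    return frame(GOAWAY, 0, payload)


def on_protected_request(alpn, has_client_cert, stream_id):
    """Hypothetical decision for a resource that needs a client certificate."""
    if has_client_cert:
        return ("serve", b"")
    if alpn == "h2":
        # Renegotiation is forbidden on h2, so the only protocol-level
        # option is to ask the client to retry over HTTP/1.1.
        return ("http_1_1_required", rst_stream(stream_id, HTTP_1_1_REQUIRED))
    # HTTP/1.1 over TLS 1.2: the certificate can be requested mid-connection.
    return ("renegotiate", b"")


def on_renegotiation_attempt(alpn, last_stream_id):
    """An h2 endpoint that sees a TLS renegotiation must fail the connection."""
    if alpn == "h2":
        return goaway(last_stream_id, PROTOCOL_ERROR)
    return b""
```

A client that does not act on the HTTP_1_1_REQUIRED reset never retries over HTTP/1.1, so no certificate is requested and the request ends as the 403 in the report.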