Hi All,

I'm using Tomcat 7 with APR. I have HttpServletRequest from which I get client certificate.

X509Certificate[] clientCertificates = (X509Certificate[]) req.getAttribute("javax.servlet.request.X509Certificate");
  • when I do full SSL handshake, clientCertificates are returned correctly,
  • when I do Session identificator handshake, clientCertificates are returned correctly too,
  • but when is TLS SessionTicket mechanism used, then no client certificate is returned to me.

I need this certificate to identify which client is sending the request.

Does anybody know how to get it by Java? Or another solution could be disable TLS SessionTicket on Tomcat, then the communication will use Session Identificator and my problem will be solved.

Thank You in advance.