TLS SessionTicket Handshake how to get certificate from client?

Question

soudruhcz 0 Newbie Poster

9 Years Ago

Hi All,

I'm using Tomcat 7 with APR. I have HttpServletRequest from which I get client certificate.

X509Certificate[] clientCertificates = (X509Certificate[]) req.getAttribute("javax.servlet.request.X509Certificate");

when I do full SSL handshake, clientCertificates are returned correctly,
when I do Session identificator handshake, clientCertificates are returned correctly too,
but when is TLS SessionTicket mechanism used, then no client certificate is returned to me.

I need this certificate to identify which client is sending the request.

Does anybody know how to get it by Java? Or another solution could be disable TLS SessionTicket on Tomcat, then the communication will use Session Identificator and my problem will be solved.

Thank You in advance.

java

1 Contributor
1 Reply
235 Views
1 Week Discussion Span
Latest Post 9 Years Ago Latest Post by soudruhcz

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

soudruhcz 0 Newbie Poster · Answer 1 · 2014-09-11T07:46:30+00:00

When I used BIO instead of APR, SessionTicket mechanism is not used. So it's solved.