Hi, I opened this PR recently to improve the SSLValve so it is able to handle the ssl_client_escaped_cert header from Nginx.
https://github.com/apache/tomcat/pull/406 Is anything more needed to move forward? The problem solved by this PR is exemplified by https://stackoverflow.com/questions/64911070/clients-certificate-authentication-issue-in-tomcat-in-7-0-100 . The newer Nginx ssl_client_escaped_cert header was introduced by https://trac.nginx.org/nginx/ticket/857 around four years ago, and that ticket mentions that: The $ssl_client_cert variable should be considered deprecated now (although I didn't see this deprecation mentioned in other documentation). Thanks, Florent -- [image: Nuxeo Logo] <https://www.nuxeo.com/> Florent Guillaume Head of R&D [image: LinkedIn] <https://www.linkedin.com/in/fguillaume/> [image: Twitter] <https://twitter.com/efge> [image: Github] <https://github.com/efge> Nuxeo Content Services Platform. Stay ahead.
