https://bz.apache.org/bugzilla/show_bug.cgi?id=69728
--- Comment #1 from Mark Thomas <ma...@apache.org> --- Optional verification and optional presence are the same thing. That said, I do think the log message isn't quite right. The issue is the HTTP/2 doesn't permit re-handshaking (TLS 1.2) or post-handshake authentication (PHA - TLS 1.3). That causes problems if CLIENT-CERT authentication is used since it triggers a rehandshake/PHA to obtain a client certificate if one is not present when the user requests a protected URI. If certificateVerification is set to required - everything will be fine. If certificateVerification is set to anything else then there might be problems depending on if the client provides a certificate with the initial connection and if the client requests a protected resource. I'll look at re-working when that warning is displayed and the text of the warning. -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
