https://bz.apache.org/bugzilla/show_bug.cgi?id=65975
--- Comment #7 from Martin Stangl ---
Hi Mark,
Just fyi: According to my tests, TLS 1.3 with OpenSSL also does not work. So it
is not limited to JSSE.
You mentioned to output a warning when CLIENT-CERT is used with an unsupported
protocol. W
https://bz.apache.org/bugzilla/show_bug.cgi?id=65975
--- Comment #8 from Christopher Schultz ---
(In reply to Martin Stangl from comment #6)
> org.apache.coyote.http11.Http11AprProtocol had a delay of 1 minute after
> selecting the certificate in the browser.
>
> Tested with Chrome, Edge and Po
https://bz.apache.org/bugzilla/show_bug.cgi?id=65975
--- Comment #9 from Martin Stangl ---
Hi Christopher,
no OCSP, but I noticed that the CRL LDAP URL is invalid:
URL=ldap:///CN=T-base-CA,CN=NoCore,CN=CDP,CN=Public Key
Services,CN=Services,CN=Configuration,DC=intranet,DC=t-base,DC=pro?certific
https://bz.apache.org/bugzilla/show_bug.cgi?id=65975
--- Comment #10 from Martin Stangl ---
Seems this CRL URL is on purpose like this. I will go forward and use a client
cert not issued by my AD CA for testing purposes.
--
You are receiving this mail because:
You are the assignee for the bug.
https://bz.apache.org/bugzilla/show_bug.cgi?id=65975
--- Comment #11 from Martin Stangl ---
I tested with 2 other client certificates. Same result.
Let's encrypt certificate with OSCP. (For some strange reasons javax.net.ssl
decided to print certificate details in this case)
25-Mar-2022 20:17
https://bz.apache.org/bugzilla/show_bug.cgi?id=65975
--- Comment #12 from Martin Stangl ---
I came up with another test: I took the server (notebook) offline, because if
no network cable is plugged in, network requests immediately fail and do not
time out.
Still the exact same delay.
So most l
