JDK-6855444 : ssl client authentication popup locks up after ssl session timeout in applet
  • Type: Bug
  • Component: deploy
  • Sub-Component: deployment_toolkit
  • Affected Version: 6u14
  • Priority: P2
  • Status: Closed
  • Resolution: Duplicate
  • OS: windows_xp
  • CPU: generic
  • Submitted: 2009-06-26
  • Updated: 2010-07-01
  • Resolved: 2009-10-01
JDK 6: 6-pool (Resolved)
Related Reports
Relates :  
Description
** What type of OS are you running? 
Windows/XP/Vista
** What version of OS are you running?  

windows sp3
** Please describe your Environment: 
** application, system setup and problem statement. 
Problem description: 
------------------- 
When using JRE & Client Authentication, the Client Authentication pop-up is
raised for the client certificate very frequently.

The Client Authentication pop-up will be shown when one of the following
happens, whichever comes first:

a) SSLSessionCacheTimeout time has been reached
b) SSLSessionCache limit has been reached

** When was the issue first noticed ( Date and Time )?  
** When since that time have you seen the issue ? 
Reported 13-JUN-2009 12:11:31 PST

Please see comments section of the report for pointer to test case and instructions on how to reproduce the problem.

What we are looking to find is whether there is a way for customers to use client-side authentication with the JDK where there are multiple client certs in the wallet/keystore. If this configuration is used, then customers experience that the certification prompt from the JRE locks up when the SSL session times out and the client cert must be selected again to auth the user.
 
Timeline of events: 
 
1)  User connects to webserver/applet 
2)  User is prompted to select client-cert by JRE 
3)  User selects client-cert and accesses the applet 
4)  Timeout occurs after 60 sec (configured in ssl.conf of webserver for testing) 
5)  User is prompted again for client-cert by JRE 
6)  This time the user cannot select cert as the prompt hangs 
7)  Hang requires user to kill JRE from Task Manager, thus losing all session work in applet.

Comments
EVALUATION
This is related to 6357710. The fix for 6357710 also fixes this issue. Need customer to verify, hence sent out FVB.
01-09-2009