On 28/08/2019 23:09, Vivien Wu wrote: > Tomcat version: 8.5.14 > OS: debian 9 (stretch) > Issues: If using SSLVerifyClient=optional, it seems to work (log attached, > assuming config is validated); > however when trying to use SSLVerifyClient=none, the browser complains > > This site can’t provide a secure connection login-test.foo.com sent an > invalid response. > ERR_SSL_PROTOCOL_ERROR
What did you expect? You told the Connector - explicitly - not to ask for CLIENT-CERT authentication. You told the application to require CLIENT-CERT authentication. It looks like SSLVerifyClient=optional is the correct setting for you use case. Mark --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
