Internet Explorer / IE >> IE6 - SSL/TLS and HelloRequest
Hi All,
I am working on a middleware that supports SSL/TLS and SSL/TLS with
client authentication for HTTP web servers.
Most of the pages in the web server require only SSL, without client
authentication. But there is a possibility that the user will access a
page that requires SSL with client authentication while browsing the
web server contents. I want to migrate to a client authenticated
session without any hurdles. The restriction that i have is i can
listen on only one port for both SSL and SSL with client
authentication.
Though i know that the above can be achieved by implementing Hello
Request at the SSL layer i am facing some hurdles.
1) When I get a HTTP request (over SSL) i find out that this request
requires client authentication .
Now, should i send a Hello Request to the client before sending any
HTTP response or Should i send any HTTP error code and then follow it
up with SSL Hello Request ?
2) Does IE support SSL Hello Request ? Anything specific to be taken
care of.
Have anyone got the dump of the SSL layer handshake data for this
requirement ?