OptRenegotiate and IE problem.

on 09.09.2005 16:59:28 by Priit Randla

Hello,

I've got a problem I've been unable to resolve. Maybe somebody here has the know-how to help me?

I've got an Apache+ModSSL webserver with a directory which requires clients to authenticate themselves with a certificate. Certificates (and keys) are on a smartcard. When the client requests a file in the protected directory, let's say /some_content/protected/some_file, the browser asks for the PIN, the client enters it and gets his/her content.

Now the problem:
If the client uses a pinpad-equipped smartcard reader, he/she will be prompted for the PIN for every page he/she requests - drivers for these devices are unable to cache PINs and the SSL session will be invalidated every time the browser requests a file outside of the protected area.

For technical reasons I can't require certificate-based authentication for the whole server - it breaks some Java applets which have to load components from the server.

If I do use server-wide SSLOptions +OptRenegotiate, things will somewhat improve - Mozilla-based browsers now work without eternal SSL session renewal and the client only has to enter the PIN once. However, IE6 _still_ requires the PIN for every page view.

So - how should I configure the server to avoid this kind of behavior?

Regards,
Priit



____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org
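
A diagnostic for the behaviour described in the post, added here as an example and not part of the original message or of mod_ssl: it counts, per client host, how many requests under the protected path arrived on an SSL session ID different from that host's previous request. The log format, the sample lines and the function names are assumptions; treating a changed session ID as a sign of a fresh certificate handshake (and so a new PIN prompt on a pinpad reader) is a heuristic.

```python
import re
from collections import defaultdict

# Assumed log format (not from the post), using mod_ssl's SSL_SESSION_ID variable:
#   CustomLog logs/ssl_session_log "%h %{SSL_SESSION_ID}x \"%r\""
LINE = re.compile(r'^(?P<host>\S+) (?P<sid>\S+) "(?P<req>[^"]*)"$')
PROTECTED_PREFIX = "/some_content/protected/"  # path taken from the post

# Constructed sample: .10 keeps one session after authenticating,
# .20 presents a different session ID on every request.
SAMPLE = """\
192.0.2.10 AA10 "GET /index.html HTTP/1.1"
192.0.2.10 AA11 "GET /some_content/protected/a HTTP/1.1"
192.0.2.10 AA11 "GET /img/logo.png HTTP/1.1"
192.0.2.10 AA11 "GET /some_content/protected/b HTTP/1.1"
192.0.2.20 BB01 "GET /some_content/protected/a HTTP/1.1"
192.0.2.20 BB02 "GET /img/logo.png HTTP/1.1"
192.0.2.20 BB03 "GET /some_content/protected/b HTTP/1.1"
192.0.2.20 BB04 "GET /some_content/protected/c HTTP/1.1"
"""

def session_churn(log_text, prefix=PROTECTED_PREFIX):
    """Per host: protected requests seen, and how many came on a new session ID."""
    stats = defaultdict(lambda: {"protected": 0, "new_sessions": 0})
    last_sid = {}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip lines that do not match the assumed format
        host, sid = m["host"], m["sid"]
        parts = m["req"].split()
        path = parts[1] if len(parts) > 1 else ""
        if path.startswith(prefix):
            stats[host]["protected"] += 1
            if last_sid.get(host) != sid:
                stats[host]["new_sessions"] += 1
        last_sid[host] = sid  # remember the session of every request, protected or not
    return dict(stats)

def suspect_hosts(stats):
    """Hosts that needed a new session for more than one protected request."""
    return sorted(h for h, s in stats.items() if s["new_sessions"] > 1)

if __name__ == "__main__":
    result = session_churn(SAMPLE)
    for host in sorted(result):
        print(host, result[host])
    print("repeated re-authentication likely:", suspect_hosts(result))
```

Hosts are keyed by address, so several clients behind one NAT address would be merged; adding `%{SSL_CLIENT_S_DN}x` to the log line and keying on it avoids that.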