SSL Renegotiation Issue Fixed in JDK1.6.0_22
GlassFish users who make use of CLIENT-CERT authentication with SSL in their JavaEE applications should consider upgrading to JDK1.6.0_22. The good news is that JDK1.6.0_22 contains a full fix for the renegotiation protocol flaw in SSL (The IETF issued RFC 5746 ). A fix which implements RFC 5746 and supports secure renegotiation.
More details are here : http://www.oracle.com/technetwork/java/javase/documentation/tlsreadme2-176330.html