I believe I resolved the issue...
search for the right terms finally and came up with this...
SSL/TLS Vulnerability Fix (CVE-2009-3555)
...
Therefore, Web Server 7.0 Update 7 disables all use of SSL/TLS renegotiation. If either the client or the Web Server attempt to trigger renegotiation on an existing SSL/TLS session, the connection will fail.
...
the fix...
Obtaining a client certificate during the initial connection handshake will continue to work correctly. This mode can be configured by setting the client-auth element to 'required' in server.xml:
<http-listener>
<ssl>
<client-auth>required</client-auth>
</ssl>
</http-listener>
[Message sent by forum member 'aeronautical96']
http://forums.java.net/jive/thread.jspa?messageID=471846