Index: /branches/rel_apv_10_7/usr/src/sys/click/app/ssl/tlsv13_server.c
===================================================================
--- /branches/rel_apv_10_7/usr/src/sys/click/app/ssl/tlsv13_server.c	(revision 40278)
+++ /branches/rel_apv_10_7/usr/src/sys/click/app/ssl/tlsv13_server.c	(working copy)
@@ -8989,6 +8989,23 @@
 	uint32_t now, agems, agesec;
 
 	ssl_printf("in func:%s()\n", __FUNCTION__);
+
+	/*  TWSD-1375:
+		To make sure backend server receive proper HTTP Header,
+		we force TLSv13 connection with client cert auth (mTLS) to do full handshake if reconnect.
+		(not sending the session ticket)  */
+	if (sslp->tlsv13_data->auth_type == TLSV13_AUTH_CERT || sslp->proxy_data.has_cert != 0) {
+
+		ssl_printf("TLSv13 Client cert used. Skipping ticket generation to force Full Handshake.\n");
+
+		/* Clear flags for stopping resumption */
+		sslp->flags &= ~SSL_FLAG_CARD_PENDING;
+		sslp->flags &= ~SSL_FLAG_NOTREADY_FINISHED;
+
+		/* Directly enter last step */
+		return tlsv13_state_final(sslp);
+	}
+
 	bzero(&lable, sizeof(lable));
 	
 	psk_len = C_HASH_LEN(sslp->pending_cipher);