The file ssl-howto.xml includes the line clientAuth="optional" SSLProtocol="TLSv1"/> However, the corresponding description of the clientAuth parameter in config/http.xml does not mention "optional" as a possible parameter value, only "true", "false", "want". The code in util.net.jsse.JSSESocketFactory only checks for "true", "yes" and "want"; AFAICT everthing else is treated as "false". It looks like the entry in ssl-howto.xml is wrong. Also, perhaps the description in http.xml should include "yes" as an alias for "true".
JSSE != APR/native as is made clear in the docs.
Grr. Why is it that the problem becomes obvious the second you hit save changes? "optional" is correct in this case since this is APR but the attribute name is wrong.
Fixed in trunk and 7.0.x and will be included in 7.0.29 onwards.