On 2023/09/12 13:54:49 Torsten Krah wrote: > Hi, > > how do I enable TLS 1.3 post-handshake authentication with HTTP 1.1 > when using HttpComponents? > > At the moment all my requests are failing if a TLS 1.3 host requires > mutual tls and the certificate is only required for some methods / > uri's, where httpd will request that certificate via post-handshake > authentication? > > I know it is forbidden for HTTP/2, but for HTTP 1.1 it is a valid > extension to be used, e.g. curl had this > https://github.com/curl/curl/issues/3026 issue where that feature was > enabled, so how it is done for HttpComponents?
PHA is not implemented in SunJSSE. See: https://pagure.io/dogtagpki/issue/3088 and https://medium.com/quick-code/an-example-of-tls-1-3-client-and-server-on-java-20e9eeb64ddf Maybe you can hook in another JSSE impl, but it still needs the API to enable PHA. Good luck! --------------------------------------------------------------------- To unsubscribe, e-mail: httpclient-users-unsubscr...@hc.apache.org For additional commands, e-mail: httpclient-users-h...@hc.apache.org