RFC 5246 sec 7.4.4 states that "non-anonymous" servers can request a client certificate, and otherwise attempting to request a certificate should result in a fatal alert.

I would generally think of a handshake using PSK or SRP to not be anonymous but rather the peer identity is implicitly verified via use of the shared secret. But in this context I'm not sure that's the intent.

For the purpose of 7.4.4 does "non-anonymous" mean:

- Anything besides a DH_anon_*/ECDH_anon_* ciphersuite
- A ciphersuite which involves the server sending a Certificate message.
- Something else?

Thanks,
Jack