TLS 1.3 supports certificate-based client auth in the primary handshake. -Ekr
On Fri, Jan 14, 2022 at 8:19 AM Urmas Vanem <urmas.va...@octox.eu> wrote: > Hello! > > > > TLS 1.3 introduces post-handshake authentication. It relies on > client/browser, client/browser must send post_handshake_auth extension to > server before it can work. I hope I understood it correctly. > > But today we know only Firefox from popular browsers support this > extension (and not by default). > > > > Question: How can I implement certificate based client authentication > against web server in TLS 1.3 only environment, if browsers do not support > post_handshake_auth extension. > > > > I have open discussion with one big software company. Can you please share > your opinion/recommendation here regarding to the issue? > > > > Thanks in advance, > > > > Urmas > > > _______________________________________________ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls >
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls