-
Notifications
You must be signed in to change notification settings - Fork 132
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Handling of servers CERTIFICATE REQUEST #63
Comments
Hey, If you want to play with client authentication you can either change the configuration of TLS-Attacker to use client authentication by default, or specify a custom WorkflowTrace to send the appropriate messages. For the config case there is already an example included in the resource folder.
and executing:
Cheers |
Thanks a lot! |
When a server request a client certificate, the TLS-Client seems to ignore this and so the handshake fails. The cause seems to be the client, which doesn't include a certificate message.
Is this intended? Or must I use additional parameters? I tried to load the certificate from a java keystore, but that doesn't change the behavior.
At least I would expect, that according Client Certificate
such a certificate message with an empty list is send.
I use the current master of TLS-ATTACKER and OpenSSL 1.1.1 11 Sep 2018.
Steps to reproduce:
Resulting capture:
cert_req_failing.zip
The text was updated successfully, but these errors were encountered: