You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
TODO: HTTP2 forbids TLS renegotiation and post-handshake authentication but it's
possible with HTTP1.1 and maybe needs to be discussed explicitly here or
somewhere in this document? Naively I'd say that the Client-Cert header will
be sent with the data of the most recent client cert anytime after renegotiation
or post-handshake auth. And only for requests that are fully covered by the cert
but that in practice making the determination of where exactly in the
application data the cert messages arrived is hard to impossible so it'll be a
best effort kind of thing.
The text was updated successfully, but these errors were encountered:
@b---c wrote:
The text was updated successfully, but these errors were encountered: