You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When the RFC5246 was designed, why would the server verify the client's certificate by signing a client-key-Exchange message instead of explicitly requiring cert-verify message? For example, the algorithm suite ECDHE-RSA-* is in TLSv1.2.
In this process, the client-finished message also provides the cert-verify message to check the integrity of handshake messages?
Is the cert-verify message required? Regardless of existing compatibility issues. @kaduk
This discussion was converted from issue #19210 on June 08, 2024 01:13.
Heading
Bold
Italic
Quote
Code
Link
Numbered list
Unordered list
Task list
Attach files
Mention
Reference
Menu
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
Uh oh!
There was an error while loading. Please reload this page.
Uh oh!
There was an error while loading. Please reload this page.
-
When the RFC5246 was designed, why would the server verify the client's certificate by signing
a client-key-Exchange messageinstead of explicitly requiringcert-verify message? For example, the algorithm suiteECDHE-RSA-*is in TLSv1.2.In this process, the
client-finishedmessage also provides thecert-verifymessage to check the integrity of handshake messages?Is the
cert-verifymessage required? Regardless of existing compatibility issues.@kaduk
Beta Was this translation helpful? Give feedback.
All reactions