Hi toni992,
My name is Anthony and I am a member of the wolfSSL team. The short answer is that it happens during the TLS handshake.
The longer, more nuanced answer follows. From RFC 8466 (TLS 1.3) https://datatracker.ietf.org/doc/html/rfc8446#section-2 you can see the following:
       Client                                           Server

Key  ^ ClientHello
Exch | + key_share*
     | + signature_algorithms*
     | + psk_key_exchange_modes*
     v + pre_shared_key*       -------->
                                                  ServerHello  ^ Key
                                                 + key_share*  | Exch
                                            + pre_shared_key*  v
                                        {EncryptedExtensions}  ^  Server
                                        {CertificateRequest*}  v  Params
                                               {Certificate*}  ^
                                         {CertificateVerify*}  | Auth
                                                   {Finished}  v
                               <--------  [Application Data*]
     ^ {Certificate*}
Auth | {CertificateVerify*}
     v {Finished}              -------->
       [Application Data]      <------->  [Application Data]
The certificate and certificate verify messages are where it happens.
The Certificate message is where the certificate chain is sent to the peer. The CertificateVerify message is where the signature of the TLS handshake transcript is sent. The peer verifies the chain and the signature of the TLS handshake transcript.
Please let me know if you would like further clarifications.
This is a great question and here at wolfSSL we love to know about the community members and what they are doing.
Can you please let us know about your interest in wolfSSL and protocols? Can you let us know about yourself and your projects?
For example, where are you located? Can you let us know your goals?
Warm regards, Anthony
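
As an added illustration of the reply above (not part of the original post and not wolfSSL code): RFC 8446 section 4.4.3 defines the bytes that the CertificateVerify signature covers, and this sketch builds them from a transcript of handshake messages. The message bodies are constructed placeholders and SHA-256 is assumed as the negotiated hash; the signing step itself is left out because it depends on the certificate's key type.

```python
import hashlib

# Context strings from RFC 8446 section 4.4.3.
SERVER_CONTEXT = b"TLS 1.3, server CertificateVerify"
CLIENT_CONTEXT = b"TLS 1.3, client CertificateVerify"


def transcript_hash(messages, hash_name="sha256"):
    """Hash the concatenation of the handshake messages seen so far."""
    h = hashlib.new(hash_name)
    for msg in messages:
        h.update(msg)
    return h.digest()


def certificate_verify_input(messages, context):
    """Bytes the sender signs and the peer verifies: 64 bytes of 0x20,
    the context string, a 0x00 separator, then the transcript hash."""
    return b"\x20" * 64 + context + b"\x00" + transcript_hash(messages)


def handshake_msg(msg_type, body):
    """Handshake framing: 1-byte type, 3-byte length, body."""
    return bytes([msg_type]) + len(body).to_bytes(3, "big") + body


# Constructed placeholder bodies, not real handshake captures.
# Types: 1 ClientHello, 2 ServerHello, 8 EncryptedExtensions, 11 Certificate.
TRANSCRIPT = [
    handshake_msg(1, b"constructed ClientHello"),
    handshake_msg(2, b"constructed ServerHello"),
    handshake_msg(8, b"constructed EncryptedExtensions"),
    handshake_msg(11, b"constructed server Certificate"),
]

if __name__ == "__main__":
    signed = certificate_verify_input(TRANSCRIPT, SERVER_CONTEXT)
    print(len(signed), signed[64:97].decode())
    # Changing any earlier handshake message changes what must be signed,
    # so a signature over the original transcript no longer verifies.
    tampered = [TRANSCRIPT[0], handshake_msg(2, b"modified ServerHello")] + TRANSCRIPT[2:]
    print(signed != certificate_verify_input(tampered, SERVER_CONTEXT))
```

The peer recomputes the same bytes from its own view of the handshake and checks the signature against the public key in the end-entity certificate from the Certificate message.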